Fabio Giovanni Petta (data controller of the website www.inelenco.com) – €50,000 Fine (Italy, 2022)
Fabio Giovanni Petta was fined EUR 50,000 for publishing people's contact details on his website without their consent. This case is important because it shows that website operators must obtain permission before sharing personal information online.
What happened
Fabio Giovanni Petta published personal contact details of individuals on his website without their consent.
Who was affected
The individuals whose contact information was published without their knowledge or permission.
What the authority found
The authority found that the website operator violated GDPR rules by failing to obtain consent before publishing personal data.
Why this matters
This ruling serves as a warning to website operators to ensure they have proper consent mechanisms in place before displaying personal information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Several data subjects randomly searched for their names on the Google Search engine and found out their contact details and names on the website www.inelenco.com. They never knew about the existence of their data on the website and never gave any consent for their publication. Thus, the Italian DPA received many requests, reports and complaints relating to the unauthorized publication of personal data on this website. Moreover, the data subjects tried several times and for several months to request the erasure of their data without any success. Additionally, it contained incorrect data relating to one of the data subjects concerned. Finally, there was no information on the website that enabled the identification of the controller or its owner. Firstly, the DPA conducted a preliminary investigation through the hosting provider – to find out who the controller and owner were – which reported that the service was in use by Mr. Fabio Giovanni Petta who was the sole proprietor and data controller of the website. Secondly, on 14 May 2020, the DPA asked the controller to provide clarifications to which the controller replied with a laconic answer, on 26 May 2020, by merely stating that there was a “delete data” link on each page from which one could access a form to be used to enter the number to be deleted, obtaining automatic removal within 72 hours. The controller requested to receive copies of the applications received to verify the date and IP address of the (alleged) registrations. On 1 September 2020, the DPA forwarded by email, copies of six instances requesting appropriate feedback within 20 days of receipt to the controller. The controller did not respond. On 2 April 2021, the DPA initiated the proceedings for the adoption of corrective measures and sanctions due to the presence of various profiles of unlawfulness found in the processing. The controller did not respond either. Therefore, the DPA had to request the Special Privacy Unit of the Italian Finance P
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Fabio Giovanni Petta (data controller of the website www.inelenco.com) in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
26 May 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
GDPRhub ID
gdprhub-5459About this data
Cite as: Cookie Fines. Fabio Giovanni Petta (data controller of the website www.inelenco.com) - Italy (2022). Retrieved from cookiefines.eu
Last updated: