RCS Mediagroup S.p.a – €10,000 Fine (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
RCS Mediagroup S.p.a was fined for publishing a photograph of a will that revealed personal information without proper consent. This ruling matters because it shows that even public documents can have privacy implications. Businesses should be cautious when sharing sensitive information, even if it seems publicly accessible.
What happened
RCS Mediagroup S.p.a published a photograph of a holographic will containing personal information without consent.
Who was affected
The complainant, whose personal information was disclosed in the published will, was affected.
What the authority found
The Italian DPA ruled that RCS Mediagroup S.p.a violated GDPR by not adequately addressing the complainant's requests regarding their personal data.
Why this matters
This case highlights the need for careful consideration of privacy when dealing with public documents. Companies should ensure they respect individuals' privacy rights even in public contexts.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 17 February 2023 the complainant brought a case to the Italian DPA claiming a violation of her data protection right concerning the dissemination by an Italian newspaper on 23 January 2023 of an article containing a picture of a holographic will of an actress. According to the complainant, the will clearly showed the name, date, place of birth, address and title of witness assumed by the complainant. The complainant further asserted to have requested RCS Mediagroup S.p.a (the data controller) to exercise her rights provided for from Article 15 GDPR to Article 22 GDPR but did not receive feedback. On 2 March 2023, the Italian DPA requested the data controller to respond to the complainant’s requests and to state whether they would comply with them. On 21 March 2023, the data controller declared that the will is a public deed which can be accessed by anyone with an interest and that the information of the witnesses is an integral part of that public deed. Hence, the public nature of the will deprived it of any confidentiality, and the photograph of the page of the will and the publication of the complainant’s personal data took place lawfully. To which the complainant responded that [https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/1556386 Article 6 of the Deontological Rules], which states that the disclosure of news of major public or social interest is not contrary to respect for the private sphere when the information is indispensable, does not apply and that the data controller should have refrained from disseminating the data of the complainant. Following this, the DPA issued a statement of the commencement of proceedings. The DPA assessed that the failure to reply to the request of the complainant by the data controller could be considered excusable since the complainant made an unclear request, as it referred to compensation for damages and to a streaming reproduction that the data controller never carried out. However, it also found that
Violations (1)
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Related Enforcement Actions (0)
No other enforcement actions found for RCS Mediagroup S.p.a in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
31 August 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€10,000
GDPRhub ID
gdprhub-6275About this data
Cite as: Cookie Fines. RCS Mediagroup S.p.a - Italy (2023). Retrieved from cookiefines.eu
Last updated: