Comune di Offanengo – €8,000 Fine (Italy, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Comune di Offanengo was fined for publishing sensitive personal information about a person on its official website. The municipality shared details that included private correspondence and sensitive data without proper consent. This case highlights the need for public bodies to handle personal data with care, especially when it involves sensitive information.
What happened
The municipality published personal data about an individual on its official website without proper consent.
Who was affected
An individual whose sensitive personal information was published by Comune di Offanengo.
What the authority found
The Garante per la protezione dei dati personali fined the municipality for failing to lawfully process personal data under GDPR.
Why this matters
This case underscores the importance of protecting personal information, even for public entities, and the need for strict adherence to privacy laws.
GDPR Articles Cited
Original data from scraper before AI verification against source document.
National Law Articles
The data subject filed a complaint with the Italian DPA against the controller, a municipality, over the publication on its official website of all deliberations concerning the data subject. These contained personal data, such as email correspondence between the controller and the data subject, letters concerning proceedings and the data subject's leave calendar (annual leave, accepted and rejected days off, payment), as well as sensitive data, such as the data subject's belonging to a trade union.
The controller argued that:
1. No personal data connected to the private life of the data subject was published, except for his name and surname in initials, and their personal details were only present in one document.
2. The facts in question happened in the context of the Covid-19 emergency.
3. The personal data published were already public for transparent communication due to national law governing access to information kept by the public administration (d.lgs. 33/2013, https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2013-03-14;33!vig).
The DPA started by considering that the GDPR applies to the case, as the use of initials is insufficient to avoid the identifiability of the data subject.
First, on the lawfulness of the processing, the DPA recognised that public authorities are allowed to process data subjects' personal data as per Article 6(1)(c) GDPR, but specified that the fact that it is a public authority doing the processing is not sufficient to fall within the scope of this provision.
Second, on the processing of sensitive data under Article 9(1) GDPR, the DPA found that, even if it is not explicitly written, the fact that a document was signed by a trade union was sufficient to indirectly establish the data subject's membership.
Third, it considered that national law (Art.124 d.lgs. 267/2020, https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2000-08-18;267~art124) provides that any publications in the online website are still
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Comune di Offanengo in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 October 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€8,000
GDPRhub ID
gdprhub-8588
Cite as: Cookie Fines. Comune di Offanengo - Italy (2024). Retrieved from cookiefines.eu