Azienda regionale per lo sviluppo dell'agricoltura calabrese – €50,000 Fine (Italy, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Calabrian Regional Agency for Agricultural Development was fined for tracking employee locations without proper consent. They used a time-tracking app that collected precise location data, violating privacy rules. This case shows the importance of obtaining consent before using tracking technologies.
What happened
The agency tracked employees' locations using a time-tracking app without obtaining their consent first.
Who was affected
Employees of the Calabrian Regional Agency who were required to use the tracking app while working remotely.
What the authority found
The authority found that the agency violated privacy rules by placing tracking cookies before getting consent from employees.
Why this matters
This ruling emphasizes that companies must obtain clear consent before using tracking technologies on employees. It serves as a reminder for businesses to review their privacy practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The Calabrian Regional Agency for Agricultural Development (the controller) implemented a remote work policy that required employees to use a time-tracking application called "Time Relax" when working remotely. The application required employees to enable location services on their devices and collected their precise geographical coordinates during clock-in and clock-out procedures. The controller used this geolocation data to verify that employees were working from locations specified in their individual remote work agreements. In addition to routine location tracking during daily time-stamping, the controller conducted targeted inspections of specific employees. During these inspections, an officer would call the employee during their availability hours and request them to perform double time-stamping (clock-in and clock-out) through the Time Relax application. The employee was then required to send an email declaring their exact location during the inspection. The officer would subsequently verify whether the declared location matched both the email declaration and the location data recorded by the application. An employee of the controller (the data subject) was subjected to such an inspection. The controller found discrepancies found between their declared work location in the remote work agreement and their actual location during the inspection. On these grounds, the controller initiated disciplinary proceedings against the data subject. The data subject filed a complaint with the DPA, alleging violations of data protection principles. Additionally, the Department of Public Administration reported the controller's practices to the DPA. During the proceedings, the controller claimed that the monitoring was carried out with the consent of its employees. The controller also pointed out that its monitoring system was implemented in agreement with trade union representatives, as required under Italian labor law. Overall, the DPA found violations of Articles 5(1)(
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Azienda regionale per lo sviluppo dell'agricoltura calabrese in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
13 March 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
GDPRhub ID
gdprhub-9273About this data
Cite as: Cookie Fines. Azienda regionale per lo sviluppo dell'agricoltura calabrese - Italy (2025). Retrieved from cookiefines.eu
Last updated: