Azienda regionale per lo sviluppo dell'agricoltura calabrese – €50,000 Fine (Italy, 2025)
Azienda regionale per lo sviluppo dell'agricoltura calabrese was fined €50,000 for tracking employees' locations without proper consent. This is important because it emphasizes the need for clear consent when using tracking technologies.
What happened
The agency required employees to use a location-tracking app without obtaining their consent.
Who was affected
Employees who were monitored through the location-tracking application.
What the authority found
The Italian DPA ruled that the agency violated GDPR by not obtaining valid consent for tracking personal data.
Why this matters
This ruling serves as a warning to employers about the importance of consent when using technology to monitor employees. Companies should ensure they have clear consent mechanisms for any tracking tools.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The Calabrian Regional Agency for Agricultural Development (the controller) implemented a remote work policy that required employees to use a time-tracking application called "Time Relax" when working remotely. The application required employees to enable location services on their devices and collected their precise geographical coordinates during clock-in and clock-out procedures. The controller used this geolocation data to verify that employees were working from locations specified in their individual remote work agreements. In addition to routine location tracking during daily time-stamping, the controller conducted targeted inspections of specific employees. During these inspections, an officer would call the employee during their availability hours and request them to perform double time-stamping (clock-in and clock-out) through the Time Relax application. The employee was then required to send an email declaring their exact location during the inspection. The officer would subsequently verify whether the declared location matched both the email declaration and the location data recorded by the application. An employee of the controller (the data subject) was subjected to such an inspection. The controller found discrepancies found between their declared work location in the remote work agreement and their actual location during the inspection. On these grounds, the controller initiated disciplinary proceedings against the data subject. The data subject filed a complaint with the DPA, alleging violations of data protection principles. Additionally, the Department of Public Administration reported the controller's practices to the DPA. During the proceedings, the controller claimed that the monitoring was carried out with the consent of its employees. The controller also pointed out that its monitoring system was implemented in agreement with trade union representatives, as required under Italian labor law. Overall, the DPA found violations of Articles 5(1)(
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Azienda regionale per lo sviluppo dell'agricoltura calabrese in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
13 March 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
GDPRhub ID
gdprhub-9273About this data
Cite as: Cookie Fines. Azienda regionale per lo sviluppo dell'agricoltura calabrese - Italy (2025). Retrieved from cookiefines.eu
Last updated: