USB Lavoro Privato Puglia – €50,000 Fine (Italy, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
USB Lavoro Privato Puglia, a workers' union, successfully challenged an automotive company's practices regarding employee interviews. The company required employees to participate in interviews about their return to work, but the union argued that this violated their privacy rights. This case serves as a reminder for companies to respect employee privacy during workplace assessments.
What happened
An automotive company required employees to participate in return-to-work interviews without proper consent.
Who was affected
Employees who were subjected to the return-to-work interviews by the automotive company.
What the authority found
The authority ruled that the company violated several GDPR articles by not obtaining valid consent for the interviews.
Why this matters
This case highlights the need for companies to obtain clear consent from employees before collecting personal information. It sets a precedent for how workplace assessments should be conducted in compliance with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
An automotive company (Magna PT S.p.A., the data controller) asked its employees (the data subjects) to undergo “return to work interviews” (“RTWI”) upon returning after leave. Interviews were carried out by the direct superior of the data subjects. The purpose of the interview was to support data subjects in their return to their workplace and gather information on possible shortcomings of the working environment in order to later address them. The questions included, among others, whether the employee's leave was caused by their work, whether their health condition got worse in time, and whether their doctor prescribed specific accomodations or limitations. The controller claimed that participation in the interview was voluntary. Answers given in the interview were manually transcribed in a form and forwarded to HR. HR would then assess the modules and consider possible action to address any issues, along with the data subjects’ superior or the company doctor. Forms were stored for a maximum of ten years. In practice, the controller periodically reviewed the forms and destroyed the ones it did not consider relevant anymore. At the time of the investigation, no form had been stored for longer than 1 year. In 2021 a workers’ union (USB Lavoro Privato Puglia) challenged the lawfulness of this practice by filing a complaint with the DPA. The DPA investigated the complaint two years later. The DPA held that the controller violated Articles 5(1)(c)(e), 6, 9, 13 and 88 GDPR as well as Article 113 of the Italian privacy code. The DPA issued a €50,000 fine and ordered the erasure of the subjects’ data. = The controller stated that the processing relied on the legal basis of consent. In this regard, the controller observed that while consent cannot generally be freely given by employees, EDPB and WP29 Guidelines leave some room for consent when the employee's refusal has no negative consequences for the employee. The controller argued that this was precisely the case of
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for USB Lavoro Privato Puglia in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
10 July 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
GDPRhub ID
gdprhub-9438About this data
Cite as: Cookie Fines. USB Lavoro Privato Puglia - Italy (2025). Retrieved from cookiefines.eu
Last updated: