Ica s.r.l. – €30,000 Fine (Italy, 2021)

€30,000Garante per la protezione dei dati personali2 December 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ICA s.r.l. was fined EUR 30,000 by the Italian data protection authority for not securing personal data in a traffic fine payment system. This is important because it shows the need for strong security measures to protect user data.

What happened

ICA s.r.l. failed to implement adequate security measures in a system used for paying traffic fines, risking unauthorized data access.

Who was affected

Citizens using the traffic fine payment system who had their personal data potentially exposed.

What the authority found

The Italian authority determined that ICA s.r.l. did not provide sufficient security measures to protect personal data, violating GDPR's security requirements.

Why this matters

This case emphasizes the need for companies to implement robust security measures to protect personal data. Businesses should regularly assess and update their security protocols to prevent unauthorized access.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Ica s.r.l. actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined ICA s.r.l. EUR 30,000. The municipality of Collegno had implemented a system developed by ICA through which citizens could pay fines for traffic violations. However, due to a lack of security precautions, it was theoretically possible for unauthorized persons to access personal data stored via the program. For this reason, the DPA found that ICA had failed to implement appropriate technical and organizational measures providing a level of security commensurate with the risk posed to the data subject.

Related Enforcement Actions (0)

No other enforcement actions found for Ica s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 December 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-975

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ica s.r.l. - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: