Garante per la protezione dei dati personali – Court Ruling (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Italian Supreme Court upheld a decision to stop an association from using an algorithm to rate individuals' reputations. The court found that the association's data processing violated privacy rules. This case highlights the need for clear consent when using algorithms that affect people's reputations.
What happened
The Italian Supreme Court ruled against an association for improperly processing data to calculate reputation ratings using an algorithm.
Who was affected
Individuals whose reputation ratings were calculated by the association's algorithm without proper consent.
What the authority found
The court determined that the association's data processing operations breached privacy laws, particularly regarding consent requirements under GDPR.
Why this matters
This ruling reinforces the necessity for organizations to obtain clear consent when using algorithms that impact individuals' reputations. It serves as a reminder for businesses to prioritize transparency in their data practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The appellant in the present proceeding was an association which used an algorithmic system to objectively calculate the reputation rating of the natural and legal persons who created a profile (the data subjects) on their platform. The case stems from an investigation the Italian DPA had conducted on the appellant. At the end of the investigation, the Garante prohibited under [https://www.garanteprivacy.it/codice Article 154(1)(d) of the Italian Privacy Code] the mentioned data processing operations due to a breach of [https://www.garanteprivacy.it/codice Articles 2, 3, 11, 23, 24 and 26 of the Code]. The DPA decision was appealed by the company and ended up before the Italian Supreme Court, for three reasons. First, the appellant claimed that the previous instance did not adhere to well-established Supreme Court case-law on consent. Second, it highlighted that the math scheme of the algorithm was already available in the EU Patent Registry and easily recognizable. Lastly, the violation and wrongful application of [https://www.gazzettaufficiale.it/anteprima/codici/codiceCivile Article 41 of the Civil Code], [https://www.europarl.europa.eu/charter/pdf/text_en.pdf Article 8(2) of the European Charter for Fundamental Rights], [https://www.garanteprivacy.it/codice Articles 13, 23, 26 of the Italian Privacy Code], as applicable at the time of the facts, and Article 7(4) GDPR with regards to the protection of the principle of economic initiative. The Supreme Court stated that the first two claims of the appellant had to be considered together as they were interrelated. It noted that the previous court had ruled that data processing by an algorithmic system could be considered transparent when the data subjects knew how the algorithm worked. Regardless of the explanation, the Supreme Court focused on the lawfulness of the processing and found that it is necessary for the data processing carried out by an algorithm to be subject to consent. This means that the data subj
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Garante per la protezione dei dati personali in IT
Details
About this data
Cite as: Cookie Fines. Garante per la protezione dei dati personali - Italy (2023). Retrieved from cookiefines.eu
Last updated: