Comune di Sutri – €2,000 Fine (Italy, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Comune di Sutri was fined EUR 2,000 for publishing a decision that included personal health information of an employee. This publication was not necessary for transparency and violated privacy rules. This case reminds local governments to be careful about what personal information they share publicly.
What happened
The municipality published a decision that improperly included personal and health data of an employee.
Who was affected
An employee of the Comune di Sutri whose personal and health information was published.
What the authority found
The Italian DPA ruled that the municipality had no legal basis to publish the employee's personal data, violating GDPR.
Why this matters
This ruling highlights the need for public entities to carefully consider the information they disclose. Local governments should ensure they protect employee privacy in their communications.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The Italian DPA has imposed a fine of EUR 2,000 on the Communi di Sutri. The controller publishes its decisions for transparency purposes. However, the controller published a decision that included the personal and health data of an employee. This was not covered by the purpose and therefore had no legal basis.
Related Enforcement Actions (0)
No other enforcement actions found for Comune di Sutri in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
12 March 2026
Authority
Garante per la protezione dei dati personali
Fine Amount
€2,000
Enforcement Tracker ID
ETid-3155
About this data
Cite as: Cookie Fines. Comune di Sutri - Italy (2026). Retrieved from cookiefines.eu
Last updated: