City of Rome (Roma capitale) – €10,000 Fine (Italy, 2021)

€10,000Garante per la protezione dei dati personali27 January 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The city of Rome was fined €10,000 for posting personal information about a mother and her child on its website. This happened because the city tried to notify the mother about unpaid canteen fees by making the information public. This case highlights the importance of protecting personal data and finding legal ways to communicate with individuals.

What happened

Rome published personal data of a mother and her child online to notify her of unpaid fees.

Who was affected

A mother and her minor child whose personal information was shared on the city's website.

What the authority found

The Italian DPA ruled that Rome had no legal basis for making the personal data public, violating privacy rules.

Why this matters

This case underscores the need for municipalities to handle personal data carefully and find appropriate ways to communicate without exposing private information online. It serves as a reminder to all organizations to ensure they have a valid legal basis before processing personal data.

GDPR Articles Cited

Art. 2(ter)((1)) GDPR
Art. 5(1)(a) GDPR
Art. 6(1)(c) GDPR
e) Art. 6(2) GDPR
Art. 6(3)(b) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll City of Rome (Roma capitale) actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 10,000 on the city of Rome (Roma capitale). The city had published a document on the municipal website stating that a mother had not paid canteen fees. The document contained personal data of the mother and her minor child. The city stated that, in the absence of a permanent address of the mother to which the notice could have been sent, it had published the document to notify the homeless mother of the debt. However, the DPA found that this could not be considered a sufficient legal basis for processing the personal data, and thus the city unlawfully processed the data.

Related Enforcement Actions (0)

No other enforcement actions found for City of Rome (Roma capitale) in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1278

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. City of Rome (Roma capitale) - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: