Comune di Napoli Corpo di Polizia Municipale – €12,000 Fine (Italy, 2022)

€12,000Garante per la protezione dei dati personali22 May 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined the Naples Municipal Police EUR 12,000 for improperly sharing employee data. They sent personal details and Covid-19 test appointments via email without a valid legal basis. This case shows that consent in an employer-employee relationship is often not enough for data processing.

What happened

The Naples Municipal Police sent employee personal data and Covid-19 test details via email without proper consent.

Who was affected

Employees of the Naples Municipal Police whose personal data and Covid-19 test information were shared.

What the authority found

The Italian DPA decided that the police could not rely on employee consent for sharing their data, as consent in such relationships is not truly voluntary.

Why this matters

This ruling highlights the challenges of using consent as a legal basis for processing employee data, emphasizing the need for employers to find more appropriate legal grounds. It serves as a warning to organizations to carefully evaluate their data-sharing practices.

GDPR Articles Cited

Art. 6 GDPR
Art. 5(1)(a) GDPR
Art. 88 GDPR
Art. 113 Codice della privacy GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Comune di Napoli Corpo di Polizia Municipale actions
Full Legal Summary
Detailed

The Italian DPA has fined the police authority 'Comune di Napoli Corpo di Polizia Municipale' EUR 12,000. The police authority had sent a list of names, addresses, tax numbers, contact details and appointments for Covid-19 tests of employees to various administrative units via e-mail. The authority referred to the consent given by the employees as the legal basis for the data processing. However, the DPA concluded that the authority could not rely on consent, as voluntary consent is questionable in the employee-employer relationship.

Related Enforcement Actions (0)

No other enforcement actions found for Comune di Napoli Corpo di Polizia Municipale in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

22 May 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€12,000

Enforcement Tracker ID

ETid-1299

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Comune di Napoli Corpo di Polizia Municipale - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: