Comune di Vicchio – €8,000 Fine (Italy, 2022)

€8,000Garante per la protezione dei dati personali15 December 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined the Comune di Vicchio EUR 8,000 for using employees' biometric data to track attendance without a legal basis. This matters because it highlights the importance of having a valid reason to collect sensitive data like fingerprints. Businesses should ensure they have a legal basis before processing such data.

What happened

Comune di Vicchio used employees' biometric data for attendance tracking without a legal basis.

Who was affected

Employees whose biometric data, such as fingerprints, were collected by the municipality.

What the authority found

The authority found that the municipality's use of biometric data was disproportionate and lacked a legal basis, violating GDPR rules.

Why this matters

This case underscores the need for organizations to justify the collection of sensitive data like biometrics. It serves as a reminder for businesses to review their data collection practices to ensure compliance with data protection laws.

GDPR Articles Cited

Art. 6 GDPR
Art. 5(1)(a) GDPR
Art. 9(2) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Comune di Vicchio actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 8,000 on Comune di Vicchio. The municipality processed biometric data of employees for the purpose of registering their attendance. Garante found that such processing was not proportionate and therefore constituted an unjustified infringement of the rights of the data subjects. Subsequently, Garante determined that the processing of biometric data had taken place without a legal basis.

Related Enforcement Actions (0)

No other enforcement actions found for Comune di Vicchio in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 December 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€8,000

Enforcement Tracker ID

ETid-1635

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Comune di Vicchio - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: