Comune di Salento – €12,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Comune di Salento was fined for using CCTV footage to enforce a curfew, which was not the original purpose of the cameras. The data protection authority found that the municipality violated privacy rules by repurposing surveillance footage and not informing individuals properly. This case highlights the importance of using surveillance data only for its intended purpose and ensuring transparency.
What happened
The municipality used CCTV footage to enforce a curfew, violating the original purpose of the cameras.
Who was affected
Individuals recorded by CCTV cameras during the curfew enforcement.
What the authority found
The data protection authority found that the municipality breached privacy rules by using surveillance footage for a purpose other than its original intent.
Why this matters
This decision emphasizes that surveillance data must only be used for its intended purpose, and organizations must be transparent about their data practices. Municipalities and businesses should review their use of CCTV to ensure compliance with privacy laws.
GDPR Articles Cited
The Italian DPA has imposed a fine of EUR 12,000 on Comune di Salento. An individual had lodged a complaint with the DPA for being recorded by a CCTV camera, which proved that he had disregarded the curfew introduced as part of the Covid-19 pandemic countermeasures. During its investigation, the DPA found that the processing of the personal data for the purpose of proving the curfew violation was not lawful since the cameras had originally been installed for the purpose of combating street crime. The municipality is therefore not processing the data for its original purpose, which constitutes a breach of the purpose limitation principle laid down in the GDPR. The DPA also found that the municipality stored the recordings excessively long and did not provide sufficient information about the CCTV to the data subject. Furthermore, the DPA found that the municipality had failed to respond to the data subject's request for information in a timely manner. Finally, the municipality failed to maintain a register of processing activities for certain periods.
Related Enforcement Actions (0)
No other enforcement actions found for Comune di Salento in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 October 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€12,000
Enforcement Tracker ID
ETid-1639
About this data
Cite as: Cookie Fines. Comune di Salento - Italy (2022). Retrieved from cookiefines.eu
Last updated: