Roma Capitale – €176,000 Fine (Italy, 2023)

€176,000Garante per la protezione dei dati personali27 April 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Roma Capitale was fined EUR 176,000 for unlawfully sharing personal data of women who had abortions with a funeral company. The data was used on grave markers, which was not allowed under the law. This case emphasizes the need for strict data privacy measures when handling sensitive personal information.

What happened

Roma Capitale shared personal data of women who had abortions with a funeral company, which was then displayed on grave markers.

Who was affected

Women who had abortions and whose personal data was unlawfully disclosed.

What the authority found

The Italian DPA found that Roma Capitale unlawfully disclosed personal data, violating privacy laws.

Why this matters

This ruling stresses the importance of adhering to privacy laws when dealing with sensitive data. Organizations must ensure that data sharing complies with legal requirements to protect individuals' privacy.

GDPR Articles Cited

AI-verified

Art. 9 GDPR
Art. 32 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(b) GDPR
Art. 5(1)(c) GDPR
Art. 5(1)(d) GDPR
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(a) GDPR
b)
c)
d)
f) GDPR
Art. 9 GDPR
Art. 28 GDPR
Art. 29 GDPR
Art. 32 GDPR
Art. 2-sexies Codice della privacy
Art. 2-septies Codice della privacy

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 2-sexies Codice della privacy
Art. 2-septies Codice della privacy

Entities Involved

Roma Capitale
€176,000
(controller)
Ama
€239,000
(processor)
Source verified 6 March 2026
articles corrected
national law identified
entity split needed
Italy enforcementGarante per la protezione dei dati personali actionsAll Roma Capitale actions
Full Legal Summary
Detailed

The Italian DPA imposed a fine of EUR 176,000 on Roma Capitale. The city had provided data of women who had abortions to the company in charge of the funeral, which included the data on boards placed on the graves of the fetuses. During its investigation, the DPA found that the disclosure of the women's personal data was unlawful, as the related law only provides for the provision of the data of the deceased.

Related Enforcement Actions (2)

Other enforcement actions involving Roma Capitale in IT

Fine
Feb 2021· Garante per la protezione dei dati personali

The Italian DPA (Garante) fined the city of Rome EUR 350,000 for failing to take adequate technical and organizational measures regarding the data of ...

€350K
Fine
Jul 2021· Garante per la protezione dei dati personali

The Italian DPA (Garante) has imposed a fine of EUR 800,000 on Roma Capitale. The Garante had launched an investigation following a complaint from an ...

€800K
Current
Apr 2023

Fine

€176K

Details

Fine Date

27 April 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€176,000

Enforcement Tracker ID

ETid-1914

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Roma Capitale - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: