Ministero dell'Ambiente e della Sicurezza Energetica – €5,000 Fine (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Ministero dell'Ambiente e della Sicurezza Energetica was fined €5,000 for posting a document online that included sensitive employee health data without permission. The document was accessible for 16 days, putting personal information at risk. This case emphasizes the need for careful handling of sensitive data.
What happened
The Ministero dell'Ambiente e della Sicurezza Energetica published a document containing employee health data without a valid legal basis.
Who was affected
Employees whose health data was included in the publicly accessible document.
What the authority found
The Italian authority ruled that the ministry lacked a valid legal basis for sharing the sensitive information.
Why this matters
This case serves as a warning for public organizations about the importance of protecting sensitive data. Proper legal grounds must be established before sharing any personal information.
GDPR Articles Cited
The Italian DPA has imposed a fine of EUR 5,000 on Ministero dell'Ambiente e della Sicurezza Energetica. The controller had published a document on its website that contained numerous data, including employee health data, without a valid legal basis. The document was publicly accessible for 16 days.
Related Enforcement Actions (0)
No other enforcement actions found for Ministero dell'Ambiente e della Sicurezza Energetica in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
28 September 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€5,000
Enforcement Tracker ID
ETid-2109
About this data
Cite as: Cookie Fines. Ministero dell'Ambiente e della Sicurezza Energetica - Italy (2023). Retrieved from cookiefines.eu
Last updated: