Municipality of Bologna – €40,000 Fine (Italy, 2025)

€40,000Garante per la protezione dei dati personali29 April 2025Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Municipality of Bologna was fined €40,000 for not protecting sensitive data of children with disabilities. They used a service provider to handle this data but didn't ensure it had proper security measures in place. This case highlights the importance of data security, especially when dealing with vulnerable groups.

What happened

The Municipality of Bologna failed to ensure that its service provider had adequate security measures for processing sensitive data.

Who was affected

Children with disabilities whose health data was processed by the Municipality of Bologna and its service provider.

What the authority found

The Italian data protection authority found that the Municipality did not take necessary steps to protect sensitive data, violating GDPR's requirements for data security.

Why this matters

This ruling emphasizes that organizations must ensure their service providers have strong data protection practices. It serves as a warning to all companies handling sensitive information to prioritize data security.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 6(1)(c) GDPR
Art. 9(1) GDPR
View original scraped data
Art. 5(1) a) GDPR
c) GDPR
Art. 6(1) c) GDPR
e)
(2)
(3) GDPR
Art. 9(1) GDPR
(2) g)
(4) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Municipality of Bologna actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 40,000 on the Municipality of Bologna. The controller used a data processor (Cooperativa Sociale Quadrifoglio | ETid: 2274) to process data, including health data, of childreen with disabilities and special needs. The controller failed to ensure, that the processor had sufficient technical and organisational measures to ensure data security, resulting in a data leak.

Related Enforcement Actions (0)

No other enforcement actions found for Municipality of Bologna in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

29 April 2025

Authority

Garante per la protezione dei dati personali

Fine Amount

€40,000

Enforcement Tracker ID

ETid-2776

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Municipality of Bologna - Italy (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: