Data Controller – €1,000 Fine (Italy, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A data controller was fined €1,000 for mistakenly sending personal data to the wrong email address. This incident highlights the importance of careful data handling and communication. It serves as a warning for businesses to double-check their data sharing practices to protect user privacy.
What happened
The data controller disclosed personal data by sending an email to an unintended recipient.
Who was affected
Individuals whose personal data was included in the email sent to the wrong address.
What the authority found
The Italian Data Protection Authority determined that the data controller violated GDPR rules by failing to protect personal data during communication.
Why this matters
This case underscores the need for businesses to implement strict data handling protocols. Ensuring correct data sharing practices can prevent costly mistakes and protect user privacy.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA has imposed a fine of EUR 1,000 on a data controller. The controller disclosed personal data by sending an email to an address that third parties who were not meant to receive the data had access to.
Related Enforcement Actions (0)
No other enforcement actions found for Data Controller in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
18 December 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€1,000
Enforcement Tracker ID
ETid-3025
About this data
Cite as: Cookie Fines. Data Controller - Italy (2025). Retrieved from cookiefines.eu
Last updated: