Università Commerciale “Luigi Bocconi” di Milano – €200,000 Fine (Italy, 2021)

€200,000Garante per la protezione dei dati personali16 September 2021Italy
final
ePrivacy
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Luigi Bocconi University was fined 200,000 euros for using software to monitor students during online exams without proper consent. The university claimed it was necessary due to the pandemic, but the authority disagreed. This case is important because it emphasizes the need for educational institutions to balance privacy with remote learning needs.

What happened

The university used monitoring software during online exams without obtaining proper consent from students.

Who was affected

Students at Luigi Bocconi University who were monitored during online exams.

What the authority found

The Italian authority found that the university's use of monitoring software violated GDPR by not having a valid legal basis for processing student data.

Why this matters

This decision underscores the need for educational institutions to ensure that remote learning technologies comply with privacy laws. It serves as a reminder to balance technological solutions with students' privacy rights.

GDPR Articles Cited

AI-verified

Art. 6 GDPR
Art. 9 GDPR
Art. 13 GDPR
Art. 25 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
View original scraped data
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 5(1)(a) GDPR
Art. 6 GDPR
Art. 9 GDPR
Art. 13 GDPR
Art. 25 GDPR
Art. 35 GDPR
Art. 44 GDPR
Art. 46 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 122 Codice Privacy
Source verified 6 March 2026
articles corrected
national law identified
amount discrepancy
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Università Commerciale “Luigi Bocconi” di Milano actions
Full Legal Summary
Detailed

The case involves data processing for online exams during the COVID-19 pandemic, not related to cookies or consent mechanisms.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Università Commerciale “Luigi Bocconi” di Milano in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

16 September 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€200,000

GDPRhub ID

gdprhub-4253

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Università Commerciale “Luigi Bocconi” di Milano - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: