Sportitalia (the controller) – €20,000 Fine (Italy, 2022)
Sportitalia, a sports club in Milan, was fined for using a fingerprint system to track employee attendance without proper consent. The Italian data protection authority found this violated privacy rules. This case highlights the importance of getting clear consent before collecting sensitive data like fingerprints.
What happened
Sportitalia used a fingerprint system to track employee attendance without obtaining proper consent.
Who was affected
Employees at Sportitalia's fitness clubs in Milan, whose fingerprints were collected for attendance tracking.
What the authority found
The Italian data protection authority ruled that Sportitalia violated GDPR by not having a valid legal basis for processing biometric data.
Why this matters
This case underscores the need for businesses to ensure they have clear consent when collecting sensitive data like biometrics. It serves as a reminder to review and update consent practices, especially when using advanced technology for employee management.
GDPR Articles Cited
National Law Articles
The case involved the use of biometric data for employee attendance tracking, not related to cookies or consent mechanisms.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Sportitalia (the controller) in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
10 November 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000
GDPRhub ID
gdprhub-5572About this data
Cite as: Cookie Fines. Sportitalia (the controller) - Italy (2022). Retrieved from cookiefines.eu
Last updated: