Ministero degli Interni – €4,000 Fine (Italy, 2023)

€4,000Garante per la protezione dei dati personali23 March 2023Italy
final
ePrivacy
Fine

Italy's data protection authority fined the Ministry of the Interior EUR 4,000 for sharing a man's health data without a legal basis. This case highlights the importance of protecting personal health information, even in public safety contexts. The ruling emphasizes that privacy rights still apply when handling sensitive data.

What happened

The Ministry of the Interior shared a man's health data with multiple entities without a legal basis.

Who was affected

The affected person was Mr. XX, whose health data was shared without consent.

What the authority found

The Italian DPA found that the Ministry of the Interior violated privacy rules by sharing health data without a legal basis.

Why this matters

This decision underscores that even government bodies must respect privacy laws when handling sensitive personal data. Organizations should ensure they have a valid legal basis before sharing health information.

National Law Articles

Article 11 (1) (a) D.lgs 196/2003
Article 11 (2) D.lgs 196/2003
Article 19 D.lgs 196/2003
Article 20 D.lgs. 196/2003
Article 22 D.lgs 196/2003

Entities Involved

Ministero degli Interni
Mr. XX
Italy enforcementGarante per la protezione dei dati personali actionsAll Ministero degli Interni actions
Full Legal Summary
Detailed

In 2018, a medical college discovered that Mr. XX, the complainant, was no longer suitable to have a gun license. In this context, the Commander of the Firemen Department of Latina, the employee of Mr. XX, sent the medical report to "Questura di Latina" due to the active Italian procedure, under articles 11 (3) and 39 of T.U.L.P.S., to revoke any authorization conceded to Mr. XX and preventing the possession of guns, ammunitions, and explosive material. Furthermore, the report was sent to the police department of Terracina and the "Stazione dei Carabinieri di Sonnino". The "Questura di Latina" argued that the report constituted the only legal basis for revoking the gun license and that, given their relationship with public safety, the right to privacy couldn’t be considered prevalent. The Italian Dpa fined, under articles 19 and 20 d.lgs. 30 giugno 2003 n. 196 (before the implementation of GDPR), the "Ministero degli Interni" for having communicated personal data of Mr. XX related to his health, without having a legal basis.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Ministero degli Interni in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

23 March 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€4,000

GDPRhub ID

gdprhub-5916

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0

Cite as: Cookie Fines. Ministero degli Interni - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: