Regione Lombardia – €200,000 Fine (Italy, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Regione Lombardia was fined for publishing personal data of over 100,000 students on its website without proper protection. This included sensitive information about scholarship applicants. The case underscores the need for careful handling of personal data to protect individuals' privacy.
What happened
Regione Lombardia published lists containing personal data of students applying for state scholarships on its website without adequate safeguards.
Who was affected
Students in Lombardy who applied for scholarships and had their personal information publicly displayed.
What the authority found
The Garante determined that Regione Lombardia failed to protect the personal data of scholarship applicants, violating GDPR requirements.
Why this matters
This case stresses the importance of safeguarding personal information, especially for vulnerable groups like students. It serves as a crucial reminder for organizations to implement strict data protection measures.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA (Garante) has imposed a fine of EUR 200,000 on the Region of Lombardy. The region had published on its website the personal data of more than 100,000 students who had applied for state scholarships or financial grants for the purchase of textbooks, technical equipment and teaching materials. As the Garante's preliminary audit revealed, it was possible to view and download the list of approved and funded applications, the list of approved and to be funded applications, the list of state scholarship recipients and the list of ineligible applications from the region's website. These lists included personally identifiable information such as the application ID, the applicant's name, the student's grade, the code and name of the school, as well as the application number. In this context, the DPA stated that the data of persons applying for economic benefits must be protected in a special way to prevent the economic and social hardship of the data subjects from becoming evident.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (1)
Other enforcement actions involving Regione Lombardia in IT
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
22 July 2021
Authority
Garante per la protezione dei dati personali
Fine Amount
€200,000
Enforcement Tracker ID
ETid-826
About this data
Cite as: Cookie Fines. Regione Lombardia - Italy (2021). Retrieved from cookiefines.eu
Last updated: