Arte del Vivere S.r.l. – €5,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Arte del Vivere S.r.l. was fined for not removing a person's personal data from their website despite multiple requests. The individual had been listed on a site for shiatsu practitioners without consent, and the company failed to respond to deletion requests. This case underscores the importance of respecting individuals' rights to control their personal information.
What happened
Arte del Vivere S.r.l. did not delete a person's personal data from their website after receiving requests to do so.
Who was affected
A person whose information was published on the shiatsu practitioners' website was affected.
What the authority found
The Garante ruled that Arte del Vivere S.r.l. did not comply with GDPR requirements for responding to data deletion requests.
Why this matters
This ruling stresses that companies must act promptly on requests to delete personal data. It serves as a crucial reminder for businesses to maintain updated records and respond to user requests effectively.
GDPR Articles Cited
A data subject filed a complaint with the Italian DPA (Garante per la Protezione dei Dati Personali – Garante) due to the publication of his personal data on www.mondoshiatsu.com, a website which shows the contact details of various certified shiatsu massage practitioners. The data subject stated that he was automatically inserted into this portal after having attended an annual training course in this discipline in 2003. Due to the amount of time that had passed since then, and the fact that he never became an actual practitioner, he made numerous requests via telephone and email in order to delete his data, which were not responded. The Garante initiated an investigation, and determined that the company responsible for the publication of the website was Arte del Vivere S.r.l. The Garante then made a request for information related to the company’s failure to respond to the data subject’s request for deletion of his personal data. The Garante was initially unable to notify this request, and had to employ the Finance Police in order to successfully do so. When the company eventually replied, its director stated that they were not the owners of the domain, and had delegated the maintenance of the website to a third party processor. However, the company argued that the website could not be updated because the processor no longer had the credentials to do so. The Garante noted that the contents of the website clearly attribute it to Arte del Vivere, and that as a beneficiary of this website, the company should have contractual or accounting documentation related to the web hosting service. The company was then eventually able to delete the entire website, which had not been updated since 2014, by reporting the issue to the website’s net service host. The Garante stated that Arte del Vivere, as a data controller, proved to be completely unable to guarantee compliance with GDPR and the data subject’s deletion request. The Garante also noted that the company showed a t
Related Enforcement Actions (0)
No other enforcement actions found for Arte del Vivere S.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 February 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€5,000
Enforcement Tracker ID
ETid-1122
GDPRhub ID
gdprhub-4833About this data
Cite as: Cookie Fines. Arte del Vivere S.r.l. - Italy (2022). Retrieved from cookiefines.eu
Last updated: