Amiu s.p.a. – €200,000 Fine (Italy, 2022)

€200,000Garante per la protezione dei dati personali28 April 2022Italy
final
ePrivacy
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Amiu S.p.A. was fined €200,000 for sharing images from its surveillance cameras on Facebook without permission. This is important because it shows that companies must have a valid reason to publish personal images. Small businesses should ensure they have proper consent before sharing any identifiable images online.

What happened

Amiu S.p.A. published images from surveillance cameras on Facebook without a valid legal basis.

Who was affected

Individuals captured in the surveillance images who were identifiable and had their privacy violated.

What the authority found

The Italian data protection authority found that Amiu lacked a valid legal basis for processing personal data, violating GDPR rules.

Why this matters

This case highlights the need for companies to have clear consent before sharing personal information. It sets a precedent that companies can be held accountable for improper data sharing practices.

GDPR Articles Cited

AI-verified

Art. 37 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(b) GDPR
Art. 6(1) GDPR
Art. 28(2) GDPR
View original scraped data
Art. 5 GDPR
Art. 6 GDPR
Art. 28 GDPR
Art. 37 GDPR
Art. 57(1)(a) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 2-ter Codice Privacy
Source verified 6 March 2026
articles corrected
national law identified
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Amiu s.p.a. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 200,000 on Amiu S.p.A.. The company operates the waste collection service for the city of Taranto and acted as a processor for this service. The company had installed several video surveillance cameras for the purpose of monitoring illegal waste disposal. The DPA found that Amiu had posted some images from the cameras on Facebook, showing individuals sufficiently visible making it possible to identify them. During its investigation, the DPA found that Amiu did not have a valid legal basis to publish the images. It also found that the processing was not sufficiently regulated, contrary to the requirements of Art. 28 GDPR. Finally, the DPA found that Amiu had not appointed a data protection officer.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Amiu s.p.a. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

28 April 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€200,000

Enforcement Tracker ID

ETid-1667

GDPRhub ID

gdprhub-4985

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Amiu s.p.a. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: