Ama S.p.a. – €239,000 Fine (Italy, 2023)

€239,000Garante per la protezione dei dati personali27 April 2023Italy
final
ePrivacy
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Ama S.p.A. was fined EUR 239,000 for unlawfully disclosing personal data of women who had abortions. This case matters because it shows that companies must respect privacy laws when handling sensitive information. It serves as a warning about the consequences of mishandling personal data.

What happened

Ama S.p.A. included personal data of women on boards placed on graves without lawful justification.

Who was affected

Women whose personal data was disclosed without their consent.

What the authority found

The Italian DPA found that Ama S.p.A. unlawfully processed personal data, violating data protection rules.

Why this matters

This case underscores the need for strict adherence to privacy laws when dealing with sensitive data. Companies must ensure they have the right legal basis before sharing personal information.

GDPR Articles Cited

AI-verified

Art. 28 GDPR
Art. 29 GDPR
Art. 32 GDPR
View original scraped data
Art. 28 GDPR
Art. 29 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Ama S.p.a. actions
Full Legal Summary
Detailed

The Italian DPA imposed a fine of EUR 239,000 on Ama S.p.a.. Ama is in charge of the administration of certain cemeteries in Rome. The city of Rome had provided data of women who had abortions to Ama, which then included the data on boards placed on the graves of the fetuses. During its investigation, the DPA found that the disclosure of the women's personal data was unlawful, as the related law only provides for the provision of the data of the deceased.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Ama S.p.a. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

27 April 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€239,000

Enforcement Tracker ID

ETid-1915

GDPRhub ID

gdprhub-6059

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ama S.p.a. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: