Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 5,000 on the municipality of Montalbano Jonico. An individual had filed a complaint against the municipality with the DPA. He complained that a document was publicly available on the municipality’s website, which contained personal data about himself and his father. Under the ‘Documents and Data’ section of the website, the files of the municipality could be viewed. In this context, it was possible to access a decision on a settlement for the overcoming and removal of architectural barriers in their home by filling out the corresponding search form. The decision clearly contained personal data and information in the text and subject line, such as the name of the complainant and his dependent father, with a reference to his situation as a disabled person. The text of the decision also contained the complainant’s date of birth and place of residence, as well as information about the settlement sum. The DPA considered the the publication with indication of the data to be a violation of the principle of data minimization. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 9 (1), (2), (4) GDPR, Art. 2-ter (1), (3) Codice della privacy, Art. 2-septies (8) Codice della privacy |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 5,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/