Details:
| Summary | The Italian DPA has imposed a fine of EUR 12,000 on Comune di Salento. An individual had lodged a complaint with the DPA for being recorded by a CCTV camera, which proved that he had disregarded the curfew introduced as part of the Covid-19 pandemic countermeasures. During its investigation, the DPA found that the processing of the personal data for the purpose of proving the curfew violation was not lawful since the cameras had originally been installed for the purpose of combating street crime. The municipality is therefore not processing the data for its original purpose, which constitutes a breach of the purpose limitation principle laid down in the GDPR. The DPA also found that the municipality stored the recordings excessively long and did not provide sufficient information about the CCTV to the data subject. Furthermore, the DPA found that the municipality had failed to respond to the data subject’s request for information in a timely manner. Finally, the municipality failed to maintain a register of processing activities for certain periods. |
| Link: | link |
| Related articles: | Art. 5 (1) a), b), e) GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 30 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 12,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/