Italy
Veneto region
100,000 €
GDPR enforcement action by Italian Data Protection Authority (Garante) on 2022-10-06.
Rank · Sector
#43
of 357 in Public Sector and Education
Rank · Italy
#77
of 543
Rank · All fines
#478
of 3,051
Case details
- Authority
- Italian Data Protection Authority (Garante)
- Date
- 2022-10-06
- Controller / Processor
- Veneto region
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy
- Type of violation
- Insufficient legal basis for data processing
Summary
The Italian DPA has imposed a fine of EUR 100,000 on the Veneto Region. The DPA had received a complaint from dozens of medical and nursing staff. During its investigation, the DPA found that the Region, in the context of Covid-19 containment measures, had provided lists of information on unvaccinated employees to various healthcare facilities and the physicians in charge there. The DPA found that the Region did not have a valid legal basis for such systematic disclosure of the lists to the physicians and that only the disclosure of the lists to the health authorities was covered by the legal decree in force at the time.
Open original source
Links to the regulator's original publication or another source.
Related fines
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting