Italy

Comune di Nave

6,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2025-12-18.

Rank · Sector

#220

of 357 in Public Sector and Education

Rank · Italy

#344

of 543

Rank · All fines

#1,659

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2025-12-18
Controller / Processor: Comune di Nave
Sector: Public Sector and Education
Quoted Articles: Art. 5 (1) a) GDPR, Art. 6 (1) c), e), (2), (3) GDPR, Art. 12 (1), (3), (4) GDPR, Art. 13 GDPR, Art. 35 GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Italian DPA has imposed a fine of EUR 6,000 on the Commune di Nave. The controller has installed an automatic licence plate recognition system which processes data on when a car passes a specific control point. This data is stored for seven days, after which it is automatically deleted. The system is also connected to the Motor Vehicle Registry and automatically verifies the passing vehicle's insurance coverage, periodic inspection and environmental class. This data processing occurred without a sufficient legal basis. The controller also failed to adequately inform data subjects, develop a data protection impact assessment and react adequately to data subject requests to exercise their rights.

Open original source Links to the regulator's original publication or another source.