Italy

Comune di Velletri

2,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2026-02-12.

Rank · Sector

#332

of 357 in Public Sector and Education

Rank · Italy

#492

of 543

Rank · All fines

#2,416

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2026-02-12
Controller / Processor: Comune di Velletri
Sector: Public Sector and Education
Quoted Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR Art. 12 GDPR, Art. 13 GDPR, Art. 28 (1) GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The Italian DPA has imposed a fine of EUR 2,000 on the Commune di Velletri. The controller provided a cemetery app containing data on deceased persons for use within the app. The app combined public and institutional cemetery information, such as names and places of burial, with social and commercial features. In order to view the data of deceased persons, data subjects had to install the app, create a profile, and enter their personal details. Therefore, data processed for institutional public purposes was used for more than the municipality could have used it for. Additionally, the controller failed to adequately control the app provider, who acted as a processor, and to adequately inform data subjects.

Open original source Links to the regulator's original publication or another source.