Italy

Ministero dell’Economia e delle Finanze

12,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2026-02-26.

Rank · Sector

#170

of 357 in Public Sector and Education

Rank · Italy

#254

of 543

Rank · All fines

#1,296

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2026-02-26
Controller / Processor: Ministero dell’Economia e delle Finanze
Sector: Public Sector and Education
Quoted Articles: Art. 5 (1) a) GDPR, Art. 6 (1) c), e) GDPR, Art. 28 (3) GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Italian DPA has imposed a fine of EUR 12,000 on the Ministero dell’Economia e delle Finanze. The controller had been running an "open competition, based on qualifications and examinations, for the recruitment of a total of (...)". The competition comprises a preliminary selection test and subsequent stages. By law, individuals with certain medical conditions may be exempt from certain tests. After the preliminary selection, the controller published a list of candidates eligible for the next round, which was visible to all applicants. This list noted which candidates had been exempted from certain tests, allowing conclusions to be drawn about their medical conditions.

Open original source Links to the regulator's original publication or another source.