Italian DPA Fines City for Unlawfully Posting Personal Data
The municipality of Langhirano unlawfully published online the personal data of hundreds of citizens, Italian DPA Garante said Thursday in imposing a 12,000 euro ($14,000) fine.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The personal data was contained in records of civic and documentary access requests that were uploaded to the transparency section of the council's official website and remained accessible until at least April 2024, Garante said.
The documents, relating to 1,455 applications received between 2017 and September 2023, showed the names of senders and recipients, protocol numbers, subject and descriptions of the applications. In some cases, the watchdog said, the names of property owners were reported; in one example, it was possible to deduce information about a citizen's health.
The municipality justified the publication by referring to a "broad interpretation of the principle of transparency," Garante said. The DPA rejected that idea, saying the municipality should have obscured personal data.
In setting the fine, the DPA said, it considered the municipality's prompt cooperation and its removal of the data from the website.