On September 13, 2024, the Italian data protection authority (Garante) published in its newsletter no. 527, its decision no. 411, as issued on July 4, 2024, in which it imposed a fine of €10,000 on Nomodidattica S.r.l. following violations of the General Data Protection Regulation (GDPR).

Background to the decision

The Garante noted that on February 13, 2023, a link to a jurisdictional provision from the Court of Vicenza was published in full and without any anonymization of the minor's information mentioned within the ruling in the online magazine 'moltocomuni.it' for which Nomodidattica is the publisher. The Garante mentioned that the Court ruling that was linked described a dispute between two municipalities over the economic management of several reception facilities for minors and mentioned the minors' names, residences, and length of stay at the facilities.

Findings of the Garante

The Garante stated that the processing by Nomodidattica constituted a violation of the general principles of processing according to Articles 5(1)(a) and 5(1)(c) of the GDPR regarding the principles of lawfulness and correctness of processing and data minimization. The Garante also mentioned that when publishing rulings that report current events and sentences concerning minors, it is always necessary to verify that names and details that could harm a minor's privacy are obscured.

Outcomes

As a result of the above, the Garante imposed an administrative sanction of €10,000 on Nomodidattica. The Garante also mentioned the fine amount was in consideration of Nomodidattica's immediate blackout of the article containing the link and de-indexing the article from search engines.

You can read the decision here and the newsletter here, both only available in Italian.