Italy: Garante fines city of Francavilla Fontana €10,000 for GDPR violation
The Italian data protection authority ('Garante') announced, on 7 January 2020, that it had published a decision ('the Decision') fining the city of Francavilla Fontana €10,000 for violation of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') in its monthly newsletter ('the Newsletter'). In particular, the Decision outlines that an individual complainant argued that the city of Francavilla Fontana reported his specific pathology in the council bulletin board. In addition, the Decision highlights that the processing of health-related data has been carried out in violation of the principle of data minimisation, in violation of Articles 5(1)(c) and 9(1), (2), and (4) of the GDPR, as well as of Article 2-septies(8) of the Personal Data Protection Code, Legislative Decree No. 196/2003.