Italy's data protection authority has fined Intesa Sanpaolo €31.8 million for GDPR violations due to inadequate security controls that allowed an employee to illegally access customer accounts for over two years. This enforcement action demonstrates heightened regulatory scrutiny of data security practices and serves as a warning to organizations about the consequences of insufficient access controls and monitoring.
The Italian competition authority has imposed an €11.5 million fine on Revolut for misleading practices related to investment services and banking offerings. This enforcement action highlights increased regulatory scrutiny over fintech compliance with consumer protection and financial transparency standards, potentially indicating violations of MiFID II and PSD2.
The Italian Data Protection Authority has fined Intesa Sanpaolo €31.8 million for serious GDPR violations including unauthorized employee access to customer data, inadequate security controls, and delayed breach notifications. This enforcement action signals heightened regulatory scrutiny of data protection practices in the financial sector and emphasizes the need for robust internal controls.
The Italian Data Protection Authority (GPDP) has banned the use of Google Analytics due to unlawful data transfers to the U.S., aligning with similar enforcement actions by French, Austrian, and EDPS authorities under GDPR and the Schrems II ruling. This enforcement highlights that IP addresses constitute personal data and Google's anonymization measures are insufficient to prevent U.S. intelligence access, creating compliance risks for organizations using U.S.-based analytics services.
The Italian Data Protection Authority has fined Clearview AI €20 million for GDPR violations related to its facial recognition technology, banning it from processing biometric data in Italy and ordering deletion of all existing data. This ruling confirms GDPR's extraterritorial application to U.S.-based companies monitoring individuals in Italy, setting a precedent for similar enforcement across Europe.
Italy has approved a draft legislative decree to transpose the EU Pay Transparency Directive into national law, introducing new requirements for pay transparency and equal pay. Employers must disclose pay information in job postings, provide gender-based pay data upon request, and cannot inquire about applicants' pay history. This represents a significant regulatory change for organizations operating in Italy.