In March 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority, issued a fine of Euros 32,000 against the Rousseau association, controller of the processing of data of the website users of the Italian political party “5-Star” (Cinque Stelle). Federprivacy reports.
After a data breach, the Italian DPA started investigating whether the websites had a compliant data privacy policy.
Among other security issues, the DPA discovered the controller did not duly informed the data subjects that their data were transferred to Wind Tre S.p.A. e ITNET s.r.l. which were managing the party’s web platform.
At the end of the investigation, the Italian DPA ordered the 5-Star to correct some technical flaws in the party’s websites to make them more secure and to make the e-voting system more respectful of the voters’ privacy.
The decision n. 548, dated December 21, 2017, doc. web n. 7400401is available (in Italian) at http://www.garanteprivacy.it…
For more information about how privacy is implemented in Europe, contact Francesca Giannoni-Crystal & Federica Romanelli.