Italian Postal Service Fined $15 Million for Data Privacy Violations

Severity: Low (Score: 36.9)

Sources: Ground.News, orf.at, www.ansa.it, Therecord.Media

Summary

The Italian Data Protection Authority has fined Poste Italiane S.p.A. €6,624,000 ($7.8 million) and Postepay S.p.A. €5,877,000 ($7 million) for unlawfully processing personal data of millions of users. The investigation, initiated in April 2024, revealed that the BancoPosta and Postepay apps engaged in excessively invasive practices that interfered with user privacy, which were not essential for fraud prevention. The fines were imposed due to numerous complaints regarding these practices. The total fine amounts to approximately €12.5 million ($15 million). The ruling highlights ongoing concerns about data privacy compliance among financial service providers in Italy. Current status indicates that both companies are reviewing the ruling and may consider an appeal. Key Points: • Poste Italiane and Postepay fined a total of €12.5 million for data privacy violations. • Investigation revealed invasive data processing practices not necessary for fraud prevention. • Complaints leading to the investigation began in April 2024.

Key Entities

• Poste Italiane (company)
• Poste Italiane SpA (company)
• Postepay (company)
• Postepay SpA (company)