• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Italy Imposes Record Data Protection Fines

March 14, 2017 By Privacy & Data Security Team

On March 10, Italy’s data protection authority, Il Garante per la protezione dei dati personali (the “Garante”), announced that it had ordered fines totaling more than €11 million on five companies operating in the money transfers sector for breach of Italian data protection law.   The sanctions have been described as the largest privacy fines ever imposed in the European Union.

The Garante’s review grew out of an investigation by the Guardia di Financia, Italy’s financial police, of potential money-laundering violations by UK-based Sigue Global Service Limited (“Sigue”) and four companies operating as its agents in Italy, in connection with more than € 1 billion in money remittances to China. According to the Garante, in order to enable their customers to evade money laundering controls and avoid being associated with the transfers, the companies concerned engaged in fractionation (i.e., dividing transfers to the same recipient into multiple, successive operations, each below money-laundering thresholds) and attributed the transfers to persons other than the actual senders, in some cases deceased or non-existent persons.

The Garante’s intervention in the matter was grounded on the false attribution of senders.  In a series of five orders dated February 2, 2017, the Garante found that the attribution of the money transfers to persons who had not provided consent was a violation of the Italian Data Protection Code, which requires consent or another legal basis for processing of personal data.  In view of the seriousness of the violations, the number of persons concerned, and the importance of the database involved, the Garante imposed a fine of €5,880,000 on Sigue and fines of €1,590,000, €1,430,000, €1,260,000 and €850,000, respectively, on the other four companies, for a total amount of sanctions of over €11 million.

The Garante’s press release (in Italian), which includes links to the five sanctions orders, may be consulted here.

Filed Under: Data Protection Tagged With: European Union (EU)

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules
  • The GDPR Reaches the US Supreme Court in Cert Petition
  • Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing
  • NYDFS Reports Major Cybersecurity Settlement
  • Virginia Becomes First State with Comprehensive Privacy Law after CCPA
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.