Italy: Issued ruling in investigation into Nirvam for illicit processing of user data

On 14 February 2024, the Italian Data Protection Authority (GPDP) issued a ruling against online dating site Nirvam following a comprehensive preliminary investigation that included an on-site inspection. The investigation revealed the illicit processing of user data of approximately 1 million users, including information related to sexual preferences and orientations. The platform, which has approximately 5 million members worldwide, was found to be lacking in providing adequate information to users about the use of their data. The site did not have a specific privacy policy regarding data retention times and had not appointed a data protection officer. The GPDP, in addition to imposing a financial penalty of EUR 200'000, ordered the adoption of corrective measures to align the processing with privacy legislation.