Italy: Data Protection Authority announced investigation over unlawful processing via BancoPosta and PostePay apps

On 16 April 2024, the Data Protection Authority sent a request for information to Poste Italiane and PostePay following 140 reports and 12 complaints received in April and May 2024. The complaints concerned the processing of personal data of users of the BancoPosta and PostePay apps installed on Android operating systems. Users had been presented with a message requiring them to authorise the apps to access usage data to detect malicious software. The message stated that this authorisation was mandatory and that failure to activate it would limit app access to a maximum of three logins, after which app functionality would be suspended.