Italy: Data Protection Authority opened enforcement proceedings over unlawful processing via BancoPosta and PostePay apps

Data Protection Authority opened enforcement proceedings over unlawful processing via BancoPosta and PostePay apps

On 2 April 2025, the Data Protection Authority notified Poste Italiane and PostePay, as joint controllers, of the opening of enforcement proceedings under Articles 58(2) and 83 of the GDPR and Article 166(5) of the Personal Data Protection Code. The…

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

digital payment provider (incl. cryptocurrencies), other service provider

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2024-04-16

under deliberation

On 16 April 2024, the Data Protection Authority sent a request for information to Poste Italiane an…

2024-07-17

under deliberation

On 17 July 2024, the Data Protection Authority conducted an inspection at the premises of Poste Ita…

2025-04-02

under deliberation

On 2 April 2025, the Data Protection Authority notified Poste Italiane and PostePay, as joint contr…

2026-04-17

in force

On 17 April 2026, the Data Protection Authority found that Poste Italiane and PostePay, acting as j…

Description

Data Protection Authority opened enforcement proceedings over unlawful processing via BancoPosta and PostePay apps

Scope

Complete timeline of this policy change