Italy: Data Protection Authority issued fines totalling EUR 12.5 million and ordered cessation of processing via BancoPosta and PostePay apps

Description

On 17 April 2026, the Data Protection Authority found that Poste Italiane and PostePay, acting as joint controllers, had unlawfully processed personal data of millions of customers via the BancoPosta and PostePay applications, in breach of Articles …

Scope

Policy Area: Data governance
Policy Instrument: Data protection regulation
Regulated Economic Activity: digital payment provider (incl. cryptocurrencies), other service provider
Implementation Level: national
Government Branch: executive
Government Body: data protection authority

Complete timeline of this policy change

2024-04-16
under deliberation

On 16 April 2024, the Data Protection Authority sent a request for information to Poste Italiane an…

2024-07-17
under deliberation

On 17 July 2024, the Data Protection Authority conducted an inspection at the premises of Poste Ita…

2025-04-02
under deliberation

On 2 April 2025, the Data Protection Authority notified Poste Italiane and PostePay, as joint contr…

2026-04-17
in force

On 17 April 2026, the Data Protection Authority found that Poste Italiane and PostePay, acting as j…