Italian municipality fined €50,000 for data privacy breach in AI use
Italian municipality Trento fined €50,000 by GPDP for AI data privacy violations involving surveillance tools, insufficient anonymization, and privacy breaches.
The Italian Data Protection Authority (GPDP) imposed a 50,000 € fine against the municipality of Trento for violating data protection rules in the way it used AI tools in two research projects. Namely, these projects were found to use municipal surveillance cameras, microphones, and social networks with AI techniques.
The GPDP found that these actions lacked legitimate reasoning to justify the processing of such data and that sharing such data with third parties violated citizens’ privacy rights. While the DPGP recognized that the municipality used anonymization techniques, they were seen to be insufficient to ensure citizens’ privacy protection. Additionally, GPDP stressed that there was no impact assessment on establishing the municipal surveillance cameras and microphones, which thus resulted in massive and invasive data processing methods.
Why does it matter?
This is the first time that the GPDP fined a local administration over the use of data from AI tools. It is worth noting that Italian Interior From temporarily banning OpeanAI’s ChatGPT in 2023 to finding that OpenAI violates data protection, Italy’s focus has been mainly on AI in ensuring compliance with privacy laws. Therefore, this fine against the Trento municipality indicates Italy’s step in shifting responsibility to local administrations when using AI tools.