Privacy, 12.5 million fine from the Garante to Poste Italiane
https://en.ilsole24ore.com/art/privacy-fine-125-million-italian-postal-regulator-AIP0pXbC
Publish Date: 2026-04-20 15:05:00
Source Domain: en.ilsole24ore.com
The Garante per la Privacy has imposed a total fine of EUR 12.5 million on the Poste Group, of which EUR 6.624 million on Poste Italiane and EUR 5.877 million on Postepay, for unlawfully processing the personal data of millions of users.
The case is the same one that gave rise to a 4 million fine issued by the Antitrust Authority in June 2025, which was annulled this year by the Regional Administrative Court after an appeal by Poste. The investigation by the Garante per la Privacy began following 140 reports and 12 complaints from April and May 2024 stating that users of the Bancoposta and PostePay apps had received messages inviting them to ‘authorise the app to access their data in order to detect the presence of any malicious software’.
Authorisation was compulsory; otherwise, operations would have been blocked. The authorisation allowed access to usage data in order to monitor the apps used by customers and their frequency of use, and to identify telephone operators. As a mandatory condition for using the services, the applications thus required users to grant authorisation to monitor a range of data contained in their mobile devices, including installed and running applications, in order to identify any malicious software. The processing was carried out by means of ThreatMetrix, which is in essence a component of Poste’s anti-fraud platform that allows real-time analysis of transactions carried out through the app and provides a risk index for those transactions.
The Garante: excessively invasive application on users
The measure adopted yesterday states that, after an initial phase of in-depth study, the Garante concluded that ‘the configuration of the ThreatMetrix application appeared excessively invasive of the legal sphere of the person concerned, since the albeit relevant objective of raising the level of computer security and of operating a greater anti-fraud control could have been usefully achieved by the companies…