Italian SA fines a company for post-sick leave questionnaires
Background information
- Date of final decision: 10 July 2025
- National case
- Controller: Magna PT S.p.A.
- Legal Reference(s): Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where personal data are collected from the data subject)
- Decision: Administrative fine, Definitive ban on data processing
- Key words: Administrative fine, Principles relating to processing of personal data, Transparency, Retention time, Lawfulness of processing, Employment
Summary of the Decision
Origin of the case
A trade union report highlighted a widespread practice within an automotive company: after an absence due to illness, accident or hospitalisation, workers were interviewed and asked to complete a questionnaire. The document, completed by a direct supervisor, was then sent to the Human Resources Department, which, together with the supervisor and/or the competent doctor, assessed, on the basis of the company's representations, any initiatives to protect the health of workers, such as modifying the workstation or intervening in working relationships.
Key Findings
During the investigation, the Italian Supervisory Authority (SA) found several infringements of the EU Regulation (GDPR), including the lack of clear and transparent information for employees and the lack of a legal basis for data processing, including health data. The Italian SA also found that the workers' data being stored were not relevant (absences from work), that they were kept for a disproportionate period (up to ten years), and that the data processing was not relevant for assessing the professional skills of the employees.
Decision
The Italian SA imposed a definitive ban on data processing and ordered the company to delete any data already collected and stored. The Italian SA also issued an administrative fine of 50 000 Euro.
For further information: Lavoro, il Garante privacy sanziona un’azienda per questionari post-malattia