## Italian Postal Service Fined Millions Over Privacy Violations Italy’s data protection regulator announced on Monday that it has fined **Poste Italiane SpA**, the country’s national postal service provider, and its digital payments subsidiary, **Postepay SpA**, a total of €12.5 million ($14.7 million) for data privacy violations. **Poste Italiane** received a fine of €6.6 million ($7.8 million), while **Postepay SpA** was fined €5.9 million ($7 million) for allegedly illegally processing the personal data of millions of users. **Poste Italiane** is a state-controlled, publicly-traded entity with numerous subsidiaries, including **Postepay**. The investigation by the regulator focused on the **Postepay** app and the **BancoPosta** app, operated by the financial services division of **Poste Italiane**. According to a press release from the regulator, the apps required users to "authorize the monitoring of a series of data contained on mobile devices, including installed and running applications" in an effort to identify malicious software. The companies argued that this monitoring was necessary to protect transactions and comply with payment services regulations. However, the regulator countered that the methods employed were “excessively invasive” and not essential for fraud prevention. The regulator further alleges that the entities violated privacy laws by failing to adequately inform users about data processing practices, not implementing sufficient security safeguards, and retaining data for excessively long periods.