Garante per la protezione dei dati personali (Italy) - 9979112

From GDPRhub
Garante per la protezione dei dati personali - 9979112
LogoIT.png
Authority: Garante per la protezione dei dati personali (Italy)
Jurisdiction: Italy
Relevant Law: Article 37(7) GDPR
Documento di indirizzo su designazione, posizione e compiti del Responsabile della protezione dei dati (RPD) in ambito pubblico
Guidelines on Data Protection Officers ('DPOs') (wp243rev.01)
Type: Investigation
Outcome: Violation Found
Started:
Decided: 11.01.2024
Published:
Fine: 5000 EUR
Parties: Comune di Siracusa
National Case Number/Name: 9979112
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Italian
Original Source: GARANTE PER LA PROTEZIONE DEI DATI PERSONALI (in IT)
Initial Contributor: Luca Brocca

The Italian DPA fined the Municipality of Siracusa €5,000 for failing to communicate the DPO contact details in accordance with Article 37 GDPR.

English Summary

Facts

The Italian DPA conducted an investigation into the compliance of the Municipality of Siracusa (the controller) with data protection laws, pursuant to Article 58(1)(b) GDPR.

During the investigation, it was discovered that the controller had failed to fulfil its obligation to designate a DPO and communicate their contact details to the DPA. Considering the findings, the DPA informed the controller of the start of a sanctioning procedure under Article 58(2) GDPR. The DPA also invited the controller to provide its defence in writing.

Holding

The Italian DPA noted that Article 37(7) GDPR not only mandates the controller to publish the contact details of the DPO but also to communicate them to the DPA. Furthermore, it cited the “Guidelines on Data Protection Officers”, adopted by the Article 29 Working Party, which outline the requirements for designating a DPO and communicating their contact details to the DPA. The Italian DPA even established in another document the dedicated online procedure for entities to use in communicating the DPO's contact details. This procedure served as the solely authorised channel for such communications and was designed to ensure the efficient and secure transfer of information between entities and the DPA.

Therefore, although the controller had published the contact details of the DPOs on its website, it had not officially communicated this information via established procedures to the DPA, violating Article 37(7) GDPR. The controller's attempts to rectify the situation, such as contacting the DPA by phone and submitting the contact details of the DPOs through the designated online form, were deemed insufficient by the DPA since the details were provided after the start of the proceedings.

As a consequence, the DPA imposed a pecuniary administrative sanction of €5,000 on the controller for its failure to comply with Article 37(7) GDPR.

Comment

Similar fines have been issued to other three public authorities in Italy in the DPA's decisions 9979171, 9979152 and 9979128.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Italian original. Please refer to the Italian original for more details.

SEE ALSO Newsletter of 6 February 2024



[doc. web no. 9979112]

Provision of 11 January 2024

Register of measures
n. 6 of 11 January 2024

THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA

IN today's meeting, which was attended by prof. Pasquale Stanzione, president, Prof. Ginevra Cerrina Feroni, vice-president, Dr. Agostino Ghiglia and the lawyer. Guido Scorza, members and the councilor. Fabio Mattei, general secretary;

HAVING REGARD to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data and which repeals Directive 95/46/ EC, “General Data Protection Regulation” (hereinafter, “Regulation”);

HAVING REGARD TO Legislative Decree 30 June 2003, n. 196 containing "Code regarding the protection of personal data, containing provisions for the adaptation of national law to Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC (hereinafter the “Code”);

GIVEN Regulation no. 1/2019 concerning internal procedures with external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor for the protection of personal data, approved with resolution no. 98 of 4 April 2019, published in the Official Gazette. n. 106 of 8 May 2019 and in www.gpdp.it, doc. web no. 9107633 (hereinafter “Guarantor Regulation no. 1/2019”);

HAVING SEEN the documentation in the documents;

GIVEN the observations made by the general secretary pursuant to art. 15 of the Guarantor's Regulation no. 1/2000 on the organization and functioning of the office of the Guarantor for the protection of personal data, doc. web no. 1098801;

Speaker Prof. Pasquale Stanzione;

PREMISE

1. Introduction.

As part of an initiative aimed at facilitating the fulfillment of obligations regarding the protection of personal data, with note dated XX (prot. n. XX), the Authority represented to the Municipality of Syracuse (hereinafter, the "Municipality "), That:

- "has made available a specific online procedure for the communication, change and revocation of the name of the designated DPO", which "represents the only contact channel that can be used for this specific purpose and can be found on the page https://servizi. gpdp.it/comunicazionerpd/s/, where the specific instructions are also reported”;

- "following "a series of checks on the communications received, starting from the tax codes of public bodies, as collected in the Index of digital domiciles of public administrations and public service managers (IPA)" it was found that, "for this body, the due communication of contact details is not recorded in its archives" and, therefore, this municipality was invited "to carry out a check on the communication made at the time, checking, in particular, whether it contains errors" and, consequently, "Upon the outcome of the checks, [...] to carry out the necessary regularisation, proceeding as quickly as possible";

- “The Authority will subsequently carry out further checks; should there still be anomalies with reference to the aforementioned obligations on the part of this Body, it reserves the right to initiate proceedings to ascertain any liability".

A check carried out by the Authority in 2023 on the Municipality's website revealed the publication of the contact details of the Personal Data Protection Officer (hereinafter, the "DPO") appointed pursuant to Article 37 of the Regulation , but the failure to communicate the DPO's contact details to the Authority persists using the dedicated channel mentioned above.

2. The preliminary investigation activity.

With note dated XX (prot. n. XX), the Office, on the basis of the elements acquired and the checks carried out, notified the Municipality, pursuant to art. 166, paragraph 5, of the Code, the initiation of the procedure for the adoption of the measures referred to in the art. 58, par. 2, of the Regulation, for not having communicated the contact details of the DPO to the Authority, in violation of the art. 37, par. 7, of the Regulation.

With the same note, the Municipality was invited to produce defensive writings or documents to the Guarantor or to request to be heard by the Authority (art. 166, paragraphs 6 and 7, of the Code, as well as art. 18, paragraph 1, of the l 24 November 1981, n. 689).

With note dated XX (prot. n. XX), the RPD of the Municipality presented his defense statement, declaring, among other things, that:

- “the undersigned Dr. […], in her capacity as Manager of the Municipality of Syracuse, was appointed Data Protection Officer […] with Union Decree no. XX of the XX”;

- "not having had the undersigned communication of what this Privacy Guarantor had sent in 2020 to the Municipality of Syracuse and initiated the necessary checks, which were not positively verified by the municipal offices, the undersigned proceeded to contact the offices of the Guarantor by telephone and request the protocol number of the communication of the Personal Data Protection Officer appointed with council resolution 145 of 05/21/2018, modified with council resolution no. 149 of 05/30/2018”;

- “[…] it would appear that this Municipality has not taken steps to communicate the data of the Data Protection Officer appointed in 2018 […]. With prot note no. XX of the XX the General Secretary of the Municipality of Syracuse invited the undersigned to verify the contact details of the Data Protection Officer (RDP) in the manner set out in the note acquired in the protocol. general of the Authority XX of the XX of the Guarantor";

- "the undersigned will, today, communicate the contact details of the Data Protection Officer [...] by filling out the online form, as a new contact".

3. Outcome of the preliminary investigation.

The processing of personal data by public entities must take place in compliance with the provisions of the Regulation and the Code.

Pursuant to art. 37 of the Regulation, “The data controller and the data processor systematically designate a data protection officer whenever: a) the processing is carried out by a public authority or a public body, except the jurisdictional authorities when they exercise their functions jurisdictional” (par. 1, letter a)); “The data controller or processor shall publish the contact details of the data protection officer and communicate them to the supervisory authority” (para. 7).

Furthermore, in the “Guidelines on Data Protection Officers (DPOs)”, adopted by the Article 29 Working Party on Personal Data Protection on 13 December 2016 and amended on 5 April 2017, it is added that “The Article 37, seventh paragraph, of the GDPR requires the controller or processor to publish the contact details of the DPO, and to communicate the contact details of the DPO to the relevant supervisory authorities. These provisions aim to ensure that both data subjects (inside or outside the owner or responsible entity/body) and the supervisory authorities can contact the DPO easily and directly without having to contact another structure operating at the owner/manager” (para. 2.6).

Also the "Guidance document on the designation, position and duties of the Data Protection Officer (DPO) in the public sector", adopted by the Guarantor on 29 April 2021 with provision no. 186 (web doc. no. 9589104), specifies that "With regards to communication to the Authority, it should be noted that the Guarantor has made a specific online procedure available not only for communication, but also for the variation and revocation of the name of the designated DPO. This procedure represents the only contact channel that can be used for this specific purpose and can be found on the page https://servizi.gpdp.it/comunicazionerpd/s/, where the specific instructions and related FAQs are also reported: moreover, please refer the attention of the entities to correctly enter the requested data, such as the identification of the data controller (the entity as a whole, and not the legal representative) and the compilation of the administration's tax code (and not the VAT number, i.e. of the tax code of another person)” (para. 7).

In this case, the failure to communicate the contact details of the RPD to the Authority was verified, both with reference to the RPD designated by resolution of the Council of 21 May 2018, and with reference to the RPD designated by resolution of the Mayor of 14 November 2022 , for which the violation of the art. 37, par. 7 of the Regulation in relation to both cases.

4. Conclusions.

In light of the assessments mentioned above, it is noted that the declarations made by the Municipality during the investigation are the veracity of which one may be called upon to respond to pursuant to art. 168 of the Code ˗ although worthy of consideration, do not allow us to overcome the findings notified by the Office with the act of initiating the proceedings and are insufficient to allow the dismissal of the present proceedings, as, moreover, none of the cases provided for by the art. 11 of the Guarantor Regulation n. 1/2019.

The preliminary assessments of the Office are therefore confirmed and the illegality of the processing of personal data carried out by the Municipality is noted for not having communicated the contact details of the DPO to the Authority in violation of the art. 37, par. 7, of the Regulation.

5. Adoption of the injunction order for the application of the pecuniary administrative sanction and accessory sanctions (art. 58, par. 2, letter i), and 83 of the Regulation; art. 166, paragraph 7, of the Code).

The Guarantor, pursuant to articles. 58, par. 2, letter. i), and 83 of the Regulation as well as art. 166 of the Code, has the power to "impose a pecuniary administrative sanction pursuant to article 83, in addition to the [other] [corrective] measures referred to in this paragraph, or in place of such measures, depending on the circumstances of each single case" and, in this framework, "the Board [of the Guarantor] adopts the injunction order, with which it also provides for the application of the additional administrative sanction of its publication, in full or in extract, on the website of the Guarantor pursuant to article 166, paragraph 7, of the Code” (art. 16, paragraph 1, of the Guarantor Regulation no. 1/2019).

In this regard, in this case, the violation of the cited provision is subject to the application of the same pecuniary administrative sanction provided for by the art. 83, par. 4, of the Regulation. The aforementioned pecuniary administrative sanction imposed, depending on the circumstances of each individual case, must be determined in the amount taking due account of the elements provided for by the art. 83, par. 2, of the Regulation, in relation to which the following is observed.

The Municipality's failure to communicate the contact details of the DPO negatively affected the possibility of the Authority contacting the DPO easily and directly. Furthermore, it is noted that this failure to communicate concerned two DPOs designated by the Municipality over time (that of 2018 and that of 2022), and that the Municipality itself proved to be in default also following the receipt of the 2020 communication from the Authority on exactly the same topic.

On the other hand, it is noted that the Municipality has taken steps to partially remedy the violation and mitigate its possible negative effects (having communicated the contact details of the DPO currently appointed to the Authority on 5 June 2023) and that they are not against the same previous relevant violations committed or previous measures referred to in the art. 58 of the Regulation. The negligent nature of the violation is also noted.

On the basis of the aforementioned elements, evaluated as a whole, it is deemed necessary to determine the amount of the pecuniary sanction, in the amount of 5,000 (five thousand) euros for the violation of art. 37, par. 7 of the Regulation as a pecuniary administrative sanction deemed pursuant to art. 83, par. 1 of the Regulation, effective, proportionate and dissuasive.

It is also believed that the accessory sanction of publication of this provision on the Guarantor's website, provided for by art., should be applied. 166, paragraph 7, of the Code and art. 16 of the Guarantor Regulation n. 1/2019, as it concerns the failure to comply with a requirement that has become mandatory for more than five years.

Finally, it is believed that the conditions set out in art. 17 of Regulation no. 1/2019 concerning internal procedures with external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor.

ALL THIS CONSIDERING THE GUARANTOR

pursuant to art. 57, par. 1, letter. f), of the Regulation, declares the conduct of the Municipality of Syracuse, described in the terms set out in the motivation, to be unlawful, consisting in the violation of the art. 37, par. 7, of the Regulation.

ORDER

To the Municipality of Syracuse, with headquarters in Piazza Duomo n. 4, 96100, Syracuse - C.F. 80001010893 - pursuant to articles. 58, par. 2, letter. i), and 83, par. 5, of the Regulation and art. 166, paragraph 2, of the Code, to pay the sum of 5,000 (five thousand) euros as a pecuniary administrative sanction for the violations indicated in the justification;

ORDERS

To the Municipality of Syracuse, to pay the sum of 5,000 (five thousand) euros according to the methods indicated in the attachment, within 30 days of notification of this provision, under penalty of the adoption of the consequent executive acts in accordance with the art. 27 of the law. n. 689/1981.
In this regard, please note that the right remains for the violator to settle the dispute through the payment - always according to the methods indicated in the annex - of an amount equal to half of the sanction imposed, within 30 days from the date of notification of this provision, pursuant to art. 166, paragraph 8, of the Code (see also art. 10, paragraph 3, of Legislative Decree no. 150 of 1/9/2011);

HAS

the publication of this provision on the Guarantor's website pursuant to art. 166, paragraph 7, of the Code;

the annotation of this provision in the internal register of the Authority, provided for by the art. 57, par. 1, letter. u), of the Regulation, of violations and measures adopted in compliance with the art. 58, par. 2, of the Regulation.

Pursuant to the articles. 78 of the Regulation, 152 of the Code and 10 of Legislative Decree no. 150/2011, it is possible to appeal against this provision before the ordinary judicial authority, under penalty of inadmissibility, within thirty days from the date of communication of the provision itself or within sixty days if the appellant resides abroad.

Rome, 11 January 2024

PRESIDENT
Stanzione

THE SPEAKER
Stanzione

THE GENERAL SECRETARY
Mattei



SEE ALSO Newsletter of 6 February 2024



[doc. web no. 9979112]

Provision of 11 January 2024

Register of measures
n. 6 of 11 January 2024

THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA

IN today's meeting, which was attended by prof. Pasquale Stanzione, president, Prof. Ginevra Cerrina Feroni, vice-president, Dr. Agostino Ghiglia and the lawyer. Guido Scorza, members and the councilor. Fabio Mattei, general secretary;

HAVING REGARD to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data and which repeals Directive 95/46/ EC, “General Data Protection Regulation” (hereinafter, “Regulation”);

HAVING REGARD TO Legislative Decree 30 June 2003, n. 196 containing "Code regarding the protection of personal data, containing provisions for the adaptation of national law to Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC (hereinafter the “Code”);

GIVEN Regulation no. 1/2019 concerning internal procedures with external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor for the protection of personal data, approved with resolution no. 98 of 4 April 2019, published in the Official Gazette. n. 106 of 8 May 2019 and in www.gpdp.it, doc. web no. 9107633 (hereinafter “Guarantor Regulation no. 1/2019”);

HAVING SEEN the documentation in the documents;

GIVEN the observations made by the general secretary pursuant to art. 15 of the Guarantor's Regulation no. 1/2000 on the organization and functioning of the office of the Guarantor for the protection of personal data, doc. web no. 1098801;

Speaker Prof. Pasquale Stanzione;

PREMISE

1. Introduction.

As part of an initiative aimed at facilitating the fulfillment of obligations regarding the protection of personal data, with note dated XX (prot. n. XX), the Authority represented to the Municipality of Syracuse (hereinafter, the "Municipality "), That:

- "has made available a specific online procedure for the communication, change and revocation of the name of the designated DPO", which "represents the only contact channel that can be used for this specific purpose and can be found on the page https://servizi. gpdp.it/comunicazionerpd/s/, where the specific instructions are also reported”;

- "following "a series of checks on the communications received, starting from the tax codes of public bodies, as collected in the Index of digital domiciles of public administrations and public service managers (IPA)" it was found that, "for this Body, the due communication of contact details is not recorded in its archives" and, therefore, this Municipality was invited "to carry out a check on the communication made at the time, checking, in particular, whether it contains errors" and, consequently, "Upon the outcome of the checks, [...] to carry out the necessary regularisation, proceeding as quickly as possible";

- “The Authority will subsequently carry out further checks; should there still be anomalies with reference to the aforementioned obligations on the part of this Body, it reserves the right to initiate proceedings to ascertain any liability".

A check carried out by the Authority in 2023 on the Municipality's website revealed the publication of the contact details of the Personal Data Protection Officer (hereinafter, the "DPO") appointed pursuant to Article 37 of the Regulation , but the failure to communicate the DPO's contact details to the Authority persists using the dedicated channel mentioned above.

2. The preliminary investigation activity.

With note dated XX (prot. n. XX), the Office, on the basis of the elements acquired and the checks carried out, notified the Municipality, pursuant to art. 166, paragraph 5, of the Code, the initiation of the procedure for the adoption of the measures referred to in the art. 58, par. 2, of the Regulation, for not having communicated the contact details of the DPO to the Authority, in violation of the art. 37, par. 7, of the Regulation.

With the same note, the Municipality was invited to produce defensive writings or documents to the Guarantor or to request to be heard by the Authority (art. 166, paragraphs 6 and 7, of the Code, as well as art. 18, paragraph 1, of the l 24 November 1981, n. 689).

With note dated XX (prot. n. XX), the RPD of the Municipality presented his defense statement, declaring, among other things, that:

- “the undersigned Dr. […], in her capacity as Manager of the Municipality of Syracuse, was appointed Data Protection Officer […] with Union Decree no. XX of the XX”;

- "not having had the undersigned communication of what this Privacy Guarantor had sent in 2020 to the Municipality of Syracuse and initiated the necessary checks, which were not positively verified by the municipal offices, the undersigned proceeded to contact the offices of the Guarantor by telephone and request the protocol number of the communication of the Personal Data Protection Officer appointed with council resolution 145 of 05/21/2018, modified with council resolution no. 149 of 05/30/2018";

- “[…] it would appear that this Municipality has not taken steps to communicate the data of the Data Protection Officer appointed in 2018 […]. With prot note no. XX of the XX the General Secretary of the Municipality of Syracuse invited the undersigned to verify the contact details of the Data Protection Officer (RDP) in the manner set out in the note acquired in the protocol. general of the Authority XX of the XX of the Guarantor";

- "the undersigned will, today, communicate the contact details of the Data Protection Officer [...] by filling out the online form, as a new contact".

3. Outcome of the preliminary investigation.

The processing of personal data by public entities must take place in compliance with the provisions of the Regulation and the Code.

Pursuant to art. 37 of the Regulation, “The data controller and the data processor systematically designate a data protection officer whenever: a) the processing is carried out by a public authority or a public body, except the jurisdictional authorities when they exercise their functions jurisdictional” (par. 1, letter a)); “The data controller or processor shall publish the contact details of the data protection officer and communicate them to the supervisory authority” (para. 7).

Furthermore, in the “Guidelines on Data Protection Officers (DPOs)”, adopted by the Article 29 Working Party on the protection of personal data on 13 December 2016 and amended on 5 April 2017, it is added that “The Article 37, seventh paragraph, of the GDPR requires the controller or processor to publish the contact details of the DPO, and to communicate the contact details of the DPO to the relevant supervisory authorities. These provisions aim to ensure that both data subjects (inside or outside the owner or responsible entity/body) and the supervisory authorities can contact the DPO easily and directly without having to contact another structure operating at the owner/manager” (para. 2.6).

Also the "Guidance document on the designation, position and duties of the Data Protection Officer (DPO) in the public sector", adopted by the Guarantor on 29 April 2021 with provision no. 186 (web doc. no. 9589104), specifies that "With regards to communication to the Authority, it should be noted that the Guarantor has made a specific online procedure available not only for communication, but also for the variation and revocation of the name of the designated DPO. This procedure represents the only contact channel that can be used for this specific purpose and can be found on the page https://servizi.gpdp.it/comunicazionerpd/s/, where the specific instructions and related FAQs are also reported: moreover, please refer the attention of the entities to correctly enter the requested data, such as the identification of the data controller (the entity as a whole, and not the legal representative) and the compilation of the administration's tax code (and not the VAT number, i.e. of the tax code of another person)” (para. 7).

In this case, the failure to communicate the contact details of the RPD to the Authority was verified, both with reference to the RPD designated by resolution of the Council of 21 May 2018, and with reference to the RPD designated by resolution of the Mayor of 14 November 2022 , for which the violation of the art. 37, par. 7 of the Regulation in relation to both cases.

4. Conclusions.

In light of the assessments mentioned above, it is noted that the declarations made by the Municipality during the investigation are the veracity of which one may be called upon to respond to pursuant to art. 168 of the Code ˗ although worthy of consideration, do not allow us to overcome the findings notified by the Office with the act of initiating the proceedings and are insufficient to allow the dismissal of the present proceedings, as, moreover, none of the cases provided for by the art. 11 of the Guarantor Regulation n. 1/2019.

The preliminary assessments of the Office are therefore confirmed and the illegality of the processing of personal data carried out by the Municipality is noted for not having communicated the contact details of the DPO to the Authority in violation of the art. 37, par. 7, of the Regulation.

5. Adoption of the injunction order for the application of the pecuniary administrative sanction and accessory sanctions (articles 58, par. 2, letter i), and 83 of the Regulation; art. 166, paragraph 7, of the Code).

The Guarantor, pursuant to articles. 58, par. 2, letter. i), and 83 of the Regulation as well as art. 166 of the Code, has the power to "impose a pecuniary administrative sanction pursuant to article 83, in addition to the [other] [corrective] measures referred to in this paragraph, or in place of such measures, depending on the circumstances of each single case" and, in this framework, "the Board [of the Guarantor] adopts the injunction order, with which it also provides for the application of the additional administrative sanction of its publication, in full or in extract, on the website of the Guarantor pursuant to article 166, paragraph 7, of the Code” (art. 16, paragraph 1, of the Guarantor Regulation no. 1/2019).

In this regard, in this case, the violation of the cited provision is subject to the application of the same pecuniary administrative sanction provided for by the art. 83, par. 4, of the Regulation. The aforementioned pecuniary administrative sanction imposed, depending on the circumstances of each individual case, must be determined in the amount taking into due account the elements provided for by the art. 83, par. 2 of the Regulation, in relation to which the following is observed.

The Municipality's failure to communicate the contact details of the DPO negatively affected the possibility of the Authority contacting the DPO easily and directly. Furthermore, it is noted that this failure to communicate concerned two DPOs designated by the Municipality over time (that of 2018 and that of 2022), and that the Municipality itself proved to be in default also following the receipt of the 2020 communication from the Authority on exactly the same topic.

On the other hand, it is noted that the Municipality has taken steps to partially remedy the violation and mitigate its possible negative effects (having communicated the contact details of the DPO currently appointed to the Authority on 5 June 2023) and that they are not against the same previous relevant violations committed or previous measures referred to in the art. 58 of the Regulation. The negligent nature of the violation is also noted.

On the basis of the aforementioned elements, evaluated as a whole, it is deemed necessary to determine the amount of the pecuniary sanction, in the amount of 5,000 (five thousand) euros for the violation of art. 37, par. 7 of the Regulation as a pecuniary administrative sanction deemed pursuant to art. 83, par. 1 of the Regulation, effective, proportionate and dissuasive.

It is also believed that the accessory sanction of publication of this provision on the Guarantor's website, provided for by art., should be applied. 166, paragraph 7, of the Code and art. 16 of the Guarantor Regulation n. 1/2019, as it concerns the failure to comply with a requirement that has become mandatory for more than five years.

Finally, it is believed that the conditions set out in art. 17 of Regulation no. 1/2019 concerning internal procedures with external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor.

ALL THIS CONSIDERING THE GUARANTOR

pursuant to art. 57, par. 1, letter. f), of the Regulation, declares the conduct of the Municipality of Syracuse, described in the terms set out in the motivation, to be unlawful, consisting in the violation of the art. 37, par. 7, of the Regulation.

ORDER

To the Municipality of Syracuse, with headquarters in Piazza Duomo n. 4, 96100, Syracuse - C.F. 80001010893 - pursuant to articles. 58, par. 2, letter. i), and 83, par. 5, of the Regulation and art. 166, paragraph 2, of the Code, to pay the sum of 5,000 (five thousand) euros as a pecuniary administrative sanction for the violations indicated in the justification;

ORDERS

To the Municipality of Syracuse, to pay the sum of 5,000 (five thousand) euros according to the methods indicated in the attachment, within 30 days of notification of this provision, under penalty of the adoption of the consequent executive acts in accordance with the art. 27 of the law. n. 689/1981.
In this regard, please note that the right remains for the violator to settle the dispute through the payment - always according to the methods indicated in the annex - of an amount equal to half of the sanction imposed, within 30 days from the date of notification of this provision, pursuant to art. 166, paragraph 8, of the Code (see also art. 10, paragraph 3, of Legislative Decree no. 150 of 1/9/2011);

HAS

the publication of this provision on the Guarantor's website pursuant to art. 166, paragraph 7, of the Code;

the annotation of this provision in the internal register of the Authority, provided for by the art. 57, par. 1, letter. u), of the Regulation, of violations and measures adopted in compliance with the art. 58, par. 2, of the Regulation.

Pursuant to the articles. 78 of the Regulation, 152 of the Code and 10 of Legislative Decree no. 150/2011, it is possible to appeal against this provision before the ordinary judicial authority, under penalty of inadmissibility, within thirty days from the date of communication of the provision itself or within sixty days if the appellant resides abroad.

Rome, 11 January 2024

PRESIDENT
Stantion

THE SPEAKER
Stantion

THE GENERAL SECRETARY
Mattei