Garante per la protezione dei dati personali (Italy) - 10103653
From GDPRhub
| Garante per la protezione dei dati personali - 10103653 | |
|---|---|
 | |
| Authority: | Garante per la protezione dei dati personali (Italy) |
| Jurisdiction: | Italy |
| Relevant Law: | Article 5(1)(a) GDPR Article 13 GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | |
| Published: | 27.11.2024 |
| Fine: | 20,000 EUR |
| Parties: | Sintesi Evolution S.r.l |
| National Case Number/Name: | 10103653 |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Italian |
| Original Source: | Garante (in IT) |
| Initial Contributor: | elu |
The DPA imposed a €20,000 fine on a sales agent due to their failure to verify the customer’s identity which resulted in five contracts fraudulently being opened in their name and with their bank information.
English Summary
Facts
The data subject complained against her telephone service provider Vodaphone before the DPA. The complaint concerned unusual charges on her bank account from the telephone provider Vodaphone Italia S.p.A, starting from 2023. The data subject managed to get some reimbursements from the client care service, but then an operator informed her about the installation of different devices on an unknown address.
Moreover, the data subject found that different invoices were issues concerning new phone lines, SIMs Wifi routers and other devices that she never requested. Thus, the data subject advanced an access request as per Article 15 GDPR. Vodaphone confirmed that there were four contracts with her name on it but with fake signature, address, phone numbers and emails. All contracts were concluded at the same office of the controller, which is a sales agent of Vodaphone.
The DPA decided to start an investigation in this regard and advanced a request for information to the controller. Vodaphone stated that five contracts were opened with the data subject’s name. All of these contracts resulted only partially active and all of them were concluded in the same Vodaphone store from their partner Sintesi Evolution S.r.l.
Vodaphone confirmed that it deactivated the active data backup SIMs, refunded the amounts charged to the data subject, processed and confirmed receipt of the data access requests, and that it has initiated a change of customer data to a new IT platform to enable customers to receive immediate email and mobile notifications when new SIMs or fixed networks are activated.
In light of these information, the DPA deemed it appropriate to advance a request for information to Sintesi Evolution S.r.l as well. This request revealed that the employee who opened the five contract was always the same employee.
This employee was, by contract, required to identify the customer before the delivery of the SIM card, the acquisition of personal data from a valid document of identity, and to collect and send to Vodafone all documentation, to store of copies of the same documentation.
Holding
The DPA deemed it necessary to first identify who the controller is. The DPA held that Sintesi Evolution S.r.l is the controller. In fact, as highlighted by a previous decision of the DPA, agents and resellers can be considered controllers for the purpose of the activation of services when, based on the manner of their activities, they exercise real and completely autonomous decision-making power over the manner and purpose of the processing carried out in their own sphere. In the case at hand, Sintesi Evolution S.r.l, activating the recalled services without having followed the customer identification procedures established by Vodafone in the franchise agreement entered into by Vodafone itself with the Sintesi Evolution S.r.l, has, in the case at hand, assumed the legal status of controller.
The DPA found that the controller failed to inform the data subject of the information collected concerning her as per Article 13 GDPR.
Additionally, the DPA found that the processing was unlawful, as per Article 5(1)(a) GDPR, due to the fact that the controller did not verify the information on the identity of the users stipulating the contract.
To conclude, the DPA imposed a fine of €20,000 due to the violation of Article 13 GDPR and Article 5(1)(a) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Italian original. Please refer to the Italian original for more details.
[web doc. no. 10103653]
Provision of 27 November 2024
Register of provisions
no. 735 of 27 November 2024
THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA
IN today's meeting, attended by Prof. Pasquale Stanzione, President, Dr. Agostino Ghiglia and the lawyer Guido Scorza, members and Councillor Fabio Mattei, Secretary General;
SEEN Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “Regulation”);
HAVING SEEN the Personal Data Protection Code (Legislative Decree no. 196 of 30 June 2003), as amended by Legislative Decree no. 101 of 10 August 2018, containing provisions for the adaptation of the national legal system to the aforementioned Regulation (hereinafter the “Code”);
HAVING SEEN the documentation in the files;
HAVING SEEN the observations formulated by the Secretary General pursuant to art. 15 of the Regulation of the Guarantor no. 1/2000, adopted with resolution of 28 June 2000;
REPORTER: Attorney Guido Scorza;
1. THE INVESTIGATIVE ACTIVITY CARRIED OUT
1.1. Introduction
With communication prot. no. 61109 of 20 May 2024 (notified on the same date by certified e-mail), which must be considered fully referred to here, the Office has initiated, pursuant to art. 166, paragraph 5, of the Code, a proceeding for the adoption of the measures referred to in art. 58, paragraph 2, of the Regulation against Sintesi Evolution s.r.l., in the person of the legal representative pro-tempore, with registered office in Milan, via Boccaccio n. 34, c.f. 11605580965.
The proceeding originates from an investigation initiated by the Authority, following the transmission of a report with which Ms. XX represented that, starting from the beginning of 2023, she had found suspicious charges on her current account by the telephone company Vodafone Italia S.p.A. After initial refunds by customer service, the situation worsened with the arrival of a call from a technician for the installation of equipment registered to her at an unknown address. By consulting her tax drawer, Mrs. XX discovered the issuance of several invoices relating to the activation of telephone lines, data SIMs, routers and other equipment that she had never requested. On 24 November 2023, Mrs. XX sent Vodafone a request for access to her personal data, receiving in response confirmation of the existence of four contracts registered in her name, but with a forged signature, street addresses, telephone numbers and email addresses unknown to her. All the contracts were found to have been activated at the Casale Monferrato sales point of the Sintesi Evolution s.r.l. agency. On 19 December 2023, Mrs. XX therefore filed a complaint with the Casale Monferrato Police Station, complaining about the fraudulent use of her personal data to activate the contracts without her knowledge. At the same time, Mrs. XX requested Vodafone: to immediately cancel all the contracts registered in her name that were found to have been activated without her knowledge and with falsified data; the immediate termination of all numbers reported in the aforementioned contracts; clarifications on how it was possible that third parties had accessed his personal data and used them fraudulently to activate contracts in his name; further information on the actions of the agency Sintesi Evolution s.r.l. and of the people who had physically signed the contracts by falsifying his signature and data.
1.2. The request for information formulated by the Authority
The Office, having examined the circumstances reported in the report and the documentation attached thereto, requested Vodafone Italia S.p.A., with a note dated 14 March 2024, to provide its observations regarding the reporting party's statements and to clarify whether it intended to comply with his requests.
With a note dated 2 April 2024, Vodafone provided feedback declaring that, during 2023, five contracts had been stipulated for the supply of fixed network Voice and Data services with backup SIM cards in the name of the reporting party. None of these contracts had completed the activation of the fixed network service, but the data backup SIMs had been activated at the time of sale, as is standard practice to allow browsing while waiting for the Internet line to be activated. All contracts appeared to come from the same Vodafone Store of the partner Sintesi Evolution S.r.l. Only two of the five data backup SIMs had recorded traffic: one with eight browsing events, the other with eighteen browsing events and two SMS. The note provided the details of each contract, including assigned phone number, tariff plan, activation and deactivation date of the backup SIM, and traffic carried out.
As for the initiatives undertaken by Vodafone following receipt of the Authority's request, the telephone company stated that it had promptly deactivated the active data backup SIM cards and refunded the amounts charged to the reporting party, that it had processed the requests for access to the data submitted by the latter, that it had communicated to the customer the acceptance of her request for disavowal and that it had started a migration of customer data to a new IT platform, to allow them to receive immediate notifications by email and mobile phone when activating new SIM cards or fixed networks.
With reference to the measures against the dealer, Vodafone stated that it had started an internal investigation to assess the responsibilities of the point of sale, at the end of which it had sent two warnings to Sintesi Evolution, the second with a penalty of 3,000 euros. Vodafone also stated that the dealer had terminated the employment relationship with one of the two salespeople present at the time of the facts and was conducting further investigations into the work of all the employees at the point of sale.
The Office therefore proceeded, with a note dated 16 April 2024, to request Sintesi Evolution to provide information and documents relating to the activation of the five supplies of fixed network Voice and Data services, on behalf of Vodafone Italia S.p.A., registered to Ms. XX.
The Company, in the response sent with a note dated 2 May 2024, confirmed that the activation of the contracts had taken place at the Casale Monferrato point of sale, managed by an employee of Sintesi Evolution, highlighting that this employee had not followed the correct procedures for the aforementioned activations.
The Company, as requested by the Guarantor, produced a copy of the “Franchising Light” contract between Vodafone Italia S.p.A. and Sintesi Evolution s.r.l., from which it is noted that Article 6.17 establishes the obligation of the reseller to correctly identify customers. This obligation extends to the transmission to Vodafone and the retention of the related documentation pursuant to Article 12.4. Article 6.18 reiterates the dealer's responsibility for the correct fulfillment of the legal and regulatory obligations that govern the exercise of its activity, including the identification of customers, the collection and storage of documents, and the processing of customers' personal data. Finally, art. 12.4 of the aforementioned contract describes in detail the procedures that the dealer must follow to activate the service. These include the identification of the customer before delivery of the SIM card, the acquisition of personal data from a valid identity document, the collection and sending to Vodafone of all documentation, the archiving and storage of a copy of the documentation itself, and the communication to the Customer of the methods for completing the contract.
The aforementioned contract also provides that the reseller must participate in training courses organized by Vodafone, including those on the legislation on personal data protection: in this regard, the Company represented that the employee involved in the illicit activation of the SIM cards registered to the reporting party had completed the “GDPR DEALERS” course in 2019, as certified by Vodafone in an email dated March 29, 2024.
1.3. Contestation of the violations
The Office, following the investigation, adopted the aforementioned contestation act no. 61109 of May 20, 2024 in which, first of all, it observed that Vodafone Italia S.p.A. appears exempt from liability, as it appears to have blocked the contested supplies as soon as it became aware of the anomalies and to have guaranteed Mrs. XX the exercise of her rights pursuant to Regulation (EU) 2016/679. Vodafone also offered Mrs. XX compensation. More generally, the telephone company has clarified, also in the contract, the binding terms of the customer identification procedures at the time of activation of a service, as provided for by articles 6.17 ("The Reseller is required to guarantee the correct identification of Customers, the transmission to Vodafone and the conservation of the relative documentation pursuant to the subsequent art. 12.4, ensuring full availability for the necessary support activities in the event of errors or omissions for what is requested above") and 12.4 of the franchising contract stipulated with Sintesi Evolution. Finally, Vodafone has adopted measures against the dealer consisting of sending two formal warnings, the first on 15 January 2024 and the second on 14 February 2024. The second warning included a penalty of 3,000 euros. Vodafone has also reversed the remuneration to the point of sale for undue activations. As regards Sintesi Evolution, the Office noted that the Company, as a sales agent for Vodafone, activated five contracts for fixed-line and data services in the name of Mrs. XX without following the procedures, provided for in the contract with Vodafone, for identifying the customer. Although the franchising contract between Vodafone and Sintesi Evolution provides that the reseller must ensure the correct identification of customers, Sintesi Evolution could not deny that four of the five contested contracts bore "likely apocryphal" signatures and that for the remaining contract the purchase proposal, the identity document and the signature had not been archived.
Although Sintesi Evolution attributed the unlawful conduct to the independent initiative of one of its employees, the Office noted that sufficient elements were not provided to exclude the liability of the Company, which should have implemented a system of random checks to verify the correctness and completeness of the documentation acquired for the activation of supplies, including identity documents, purchase proposals and signatures, carried out in-depth investigations to ascertain the causes of any disavowals and monitor the computer and paper archives, to intercept any anomalies, such as the presence of copies of identity documents stored without authorization.
It was also highlighted that Sintesi Evolution had contractually committed to Vodafone to employ suitable and adequately trained personnel, while it appears that the employee who committed the unlawful activations had only participated in a privacy course held in 2019.
The Office therefore considered that Sintesi Evolution had processed Mrs. XX's data in violation of the principle of lawfulness and in the absence of an appropriate legal basis pursuant to the Regulation. Furthermore, the Company's conduct has determined the violation of the provisions of art. 13 of the Regulation, concerning the obligation to provide information.
On the basis of the above observations, the Office has contested Sintesi Evolution for the following alleged violations:
a) art. 5, par. 1, letter a), and 6 of the Regulation, for having processed the personal data of the interested party in violation of the principle of lawfulness and in the absence of an appropriate legal basis;
b) art. 13 of the Regulation, for having failed to provide the interested party with the necessary information provided therein.
2. EXERCISE OF THE RIGHT OF DEFENSE BY THE DATA CONTROLLER
The party, exercising its right to be heard within the terms established by law, has presented written defenses with which it has attributed the responsibility for the violations exclusively to the employee of the Casale Monferrato store who proceeded with the undue activations. The Company reiterated that the employee acted autonomously and maliciously, probably to profit from company bonuses awarded in the event of reaching certain sales targets, evading internal controls, despite his training acquired during Vodafone's "GDPR Dealers Course". Sintesi Evolution highlighted that the employee's conduct was an isolated event, not representative of the company culture and that the employee in question was subject to disciplinary proceedings that led to his dismissal.
Sintesi Evolution also represented that the control systems that could be activated at company level were, in reality, the same ones available to Vodafone because they were implemented at IT level and if these systems did not allow the interception of the illicit conduct of its employee, this essentially depended on the will of the employee to evade them.
Sintesi Evolution finally underlined the absence of previous violations in terms of personal data protection and its commitment to improve the internal control system, also through awareness-raising activities for all staff. The Company emphasized its good faith and willingness to comply with privacy regulations and drew attention to its difficult financial situation and the risk of compromising its financial stability in the event of high financial penalties.
3. AUTHORITY'S ASSESSMENTS
The arguments put forward by Sintesi Evolution are not suitable for excluding its liability for the alleged violations.
The documents fully confirm the circumstance that Sintesi Evolution, operating as a Vodafone dealer, activated five fixed-line and data telephone service contracts in the name of the reporting party, without the latter having requested them and/or having gone to the company sales point in Casale Monferrato and therefore without following Vodafone's procedures for identifying the customer. The latter was able to become aware of the activations only following debits to her current account and by consulting the "tax drawer" made available to taxpayers by the Revenue Agency.
This circumstance was also represented by the reporting party in the complaint to the Judicial Police and, in addition to being confirmed by Vodafone, it is also peacefully admitted by Sintesi Evolution.
With regard to the identification of the role of the Company, it is necessary to first recall the general provision on unsolicited telephone services, adopted by the Authority on 16 February 2006 and published in the Official Journal no. 54 of 6 March 2006 (in www.gpdp.it, web doc. no. 1242592), in the part where it highlights that "agents and retailers have the status of independent data controllers of the processing of data used for the purposes of activating services when, based on the methods of their activity, they exercise a real and completely autonomous decision-making power on the methods and purposes of the processing carried out within their own sphere", and then, among others, the provision adopted against a Vodafone dealer operating in the province of Brescia (provision no. 293 of 13 May 2015, in www.gpdp.it, web doc. no. 4210697), where it is stated that "with reference to the operations aimed at activating telephone cards in the absence of the owner and without acquiring a valid document, the company carried out processing of personal data by exercising a decision-making power that was completely autonomous and unbound by the provisions that bound it to the telephone operator and to the Master dealer, assuming the legal role of data controller, as outlined in the aforementioned provision of the Guarantor of 16 February 2006”. This last provision was submitted to the scrutiny of the First Civil Section of the Court of Cassation which, with Order no. 21234 of 23 July 2021, reiterated “that only the person who has been appointed to the processing by the “owner” and who has complied with the instructions given by the latter in explanation of his decision-making power can assert the quality of “data controller”; it follows that where this does not happen, the “responsible” may be recognized as the “owner” in concrete terms of the processing, by virtue of the decision-making and management autonomy manifested even by disregarding the provisions of the “owner””. On the basis of these considerations, Sintesi Evolution, by activating the aforementioned services without having followed the customer identification procedures established by Vodafone in the franchising agreement stipulated by Vodafone with the Company, has, in the case in question, assumed the legal status of the independent data controller, as already indicated several times in numerous provisions of the Guarantor (for all, provision no. 405 of 14 September 2023, in www.gpdp.it, web doc. no. 9936215; provision no. 159 of 22 February 2024, web doc. no. 10007895).
Having established, in the case in question, that Sintesi Evolution is the data controller, the conduct of the Company as it emerged from the investigation results in the violation of the provisions of the Regulation on information, since the Company proceeded to process the personal data of the reporting party without having provided the latter with the necessary information pursuant to art. 13, as well as the violation of the provisions on the suitability of the legal basis of the processing, since the use of the identification data and personal documents of the interested party was carried out without the latter being aware of it and having expressed the will to perfect a contract for the activation of fixed telephony and data services. From this latter conduct also derives the violation of the principle of lawfulness expressed in art. 5, par. 1, letter a), of the Regulation.
The Company's assertions regarding the circumstance that the violation would have been materially carried out by an employee who would have independently departed from the provisions reported in the franchising contract that binds Sintesi Evolution with Vodafone are irrelevant. In fact, the Company, in addition to not having disclosed the specific factual circumstances that determined the repeated undue activations, has not even described the measures and precautions ordinarily put in place to ensure that its employees correctly carry out customer identification activities under the direct authority of the Company itself, beyond those already prepared by Vodafone at an IT level, which however do not exempt Sintesi Evolution from carrying out further control and verification activities, potentially more effective because they are carried out in the context of the activations and use of the sales tools made available by the telephone company to customers. Furthermore, the Company has not clarified whether, in addition to adopting measures against the employee who carried out the illicit activations, it has carried out specific and in-depth checks, in particular at the Casale Monferrato sales point, in order to ascertain whether the conduct of the aforementioned employee should be considered episodic or symptomatic of a more widespread and consolidated practice aimed at evading company and legal provisions for the correct processing of personal data, in particular in the sale of telephone services.
Sintesi Evolution's liability must therefore be confirmed for the violations contested under sections a) and b).
4. CONCLUSIONS
For the above reasons, Sintesi Evolution's liability is deemed to be ascertained for the following violations:
a) art. 5, par. 1, letter a), and 6 of the Regulation, for having processed the personal data of the interested party in violation of the principle of lawfulness and in the absence of an appropriate legal basis;
b) art. 13 of the Regulation, for having failed to provide the interested party with the necessary information required therein.
Having also ascertained the unlawfulness of the processing under examination, it is necessary to:
- impose on Sintesi Evolution, pursuant to art. 58, par. 2, letter f) of the Regulation, the prohibition of any further processing of the reporting party's data;
- adopt an injunction order, pursuant to art. 166, paragraph 7, of the Code and 18 of law no. 689/1981, for the application against Sintesi Evolution of the administrative pecuniary sanction provided for by art. 83, par. 3 and 5, of the Regulation.
1. INJUNCTION ORDER FOR THE APPLICATION OF THE ADMINISTRATIVE PECUNIARY SANCTION
The violations indicated above require the adoption of an injunction order, pursuant to art. 166, paragraph 7, of the Code and 18 of law no. 689/1981, for the application to Sintesi Evolution of the administrative pecuniary sanction provided for by art. 83, paragraphs 3 and 5, of the Regulation (payment of a sum of up to € 20,000,000.00 or, for companies, up to 4% of the annual worldwide turnover of the previous financial year, if higher);
To determine the maximum amount of the pecuniary sanction, it is therefore necessary to refer to the turnover of Sintesi Evolution, as obtained from the latest available financial statement (2023) in accordance with the previous provisions adopted by the Authority, and therefore this maximum amount is determined, in the case in question, at € 20,000,000.
To determine the amount of the sanction, it is necessary to take into account the elements indicated in art. 83, paragraph 2, of the Regulation.
In the case in question, the following are relevant:
1) the seriousness of the violations (Article 83, paragraph 2, letter a) of the Regulation), taking into account the object and purposes of the data processed, attributable to the overall phenomenon of illicit activations of telephone services, potentially capable of creating further and much more alarming illegalities and of constituting an obstacle to the prevention and repression of crimes, including those of an associative nature, as well as a harbinger of significant economic damages to the persons involved;
2) as a mitigating factor, the number of subjects affected by the violations (Article 83, paragraph 2, letter a) of the Regulation) since, at present, the illicit conduct has been reported only by Ms XX;
3) as an aggravating factor, the significantly negligent nature of the Company's conduct (Article 83, paragraph 2, letter b) of the Regulation), which did not implement procedures to verify the correctness of the customer identification activities carried out by its employees and did not monitor possible phenomena of illicit activations aimed at the alleged acquisition of company prizes;
4) as an aggravating factor, the categories of data processed (Article 83, paragraph 2, letter g) of the Regulation), since it emerged that such data also related to the payment methods used by the reporting party; 5) as a mitigating factor, the circumstance that the Company has not previously been the recipient of a corrective and sanctioning measure by the Guarantor Authority (Article 83, paragraph 2, letter e) of the Regulation).
Based on the set of elements indicated above, and on the principles of effectiveness, proportionality and dissuasiveness provided for by Article 83, par. 1, of the Regulation, and taking into account the necessary balance between the rights of the interested parties and the freedom of enterprise, also in order to limit the economic impact of the sanction on the organizational and functional needs of the Company, it is believed that the administrative sanction of the payment of a sum of €20,000.00 (twenty thousand/00), equal to 0.1% of the maximum sanction, should be applied to Sintesi Evolution.
In the case in question, it is believed that the accessory sanction of the publication on the website of the Guarantor of this injunction order, provided for by art. 166, paragraph 7 of the Code and art. 16 of the Guarantor Regulation no. 1/2019, should also be applied, taking into account the particular seriousness of the violations and the disvalue of the conduct both with reference to the evasion of public safety regulations related to the identification of telephone users, and with regard to the number of subjects potentially involved and the economic damage possibly suffered by them.
Finally, the conditions set out in art. 17 of Regulation no. 1/2019 concerning internal procedures with external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor.
GIVEN ALL THE ABOVE, THE GUARANTOR
a) imposes on Sintesi Evolution, pursuant to art. 58, par. 2, letter f) of the Regulation, the prohibition of any further processing of the reporting party's data;
b) orders Sintesi Evolution, pursuant to art. 157 of the Code, to communicate to the Authority, within thirty days of notification of this provision, the initiatives undertaken in order to implement the measure imposed; any failure to comply with the provisions of this point may result in the application of the administrative pecuniary sanction provided for by art. 83, paragraph 5, of the Regulation.
ORDERS
to Sintesi Evolution s.r.l., in the person of its legal representative pro-tempore, with registered office in Milan, via Boccaccio n. 34, c.f. 11605580965, to pay the sum of €20,000.00 (twenty thousand/00) as an administrative fine for the violations indicated in the reasons, representing that the offender, pursuant to art. 166, paragraph 8, of the Code has the right to settle the dispute, by complying with the instructions given and paying, within thirty days, an amount equal to half of the fine imposed.
ORDERS
the aforementioned Company, in the event of failure to settle the dispute pursuant to art. 166, paragraph 8, of the Code, to pay the sum of €20,000.00 (twenty thousand/00), according to the methods indicated in the attachment, within 30 days of notification of this provision, under penalty of adopting the consequent executive actions pursuant to art. 27 of Law no. 689/1981.
ORDERS
a) the publication of this provision, pursuant to articles 154-bis of the Code and 37 of Regulation no. 1/2019, as well as the application of the accessory sanction of the publication on the website of the Guarantor of this injunction order, as provided for by articles 166, paragraph 7 of the Code and 16 of the Guarantor Regulation no. 1/2019;
b) the annotation of this provision in the internal register of the Authority - provided for by art. 57, par. 1, letter u), of the Regulation, as well as by art. 17 of Regulation no. 1/2019 concerning internal procedures having external relevance, aimed at carrying out the tasks and exercising the powers delegated to the Guarantor - relating to the violations and measures adopted in accordance with art. 58, par. 2, of the Regulation itself.
Pursuant to art. 78 of the Regulation, as well as articles 152 of the Code and 10 of Legislative Decree no. 150/2011, of Legislative Decree no. 150 of 1 September 2011, an appeal against this provision may be lodged with the ordinary judicial authority, with an appeal filed with the ordinary court of the place where the data controller is resident, or, alternatively, with the court of the place of residence of the interested party, within thirty days from the date of communication of the provision itself, or sixty days if the appellant resides abroad.
Rome, 27 November 2024
THE PRESIDENT
Stanzione
THE REPORTER
Scorza
THE GENERAL SECRETARY
Mattei
