Italy’s data protection authority has fined Poste Italiane and its payments card unit PostePay for alleged unlawful processing of users’ personal data.
According to a Reuters report, the Privacy Authority imposed penalties totalling more than €12.5m ($14.7m). The case concerns alleged data processing linked to BancoPosta, Poste Italiane’s postal savings and financial services division, and PostePay users.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The watchdog said some mobile-app functions designed to detect malicious software were overly intrusive. It also cited several alleged breaches of data protection rules, including insufficient information provided to users and the lack of an adequate data protection impact assessment.
In a statement shared with Electronic Payments International, Poste Italiane expressed “astonishment” by the measure and rejected the findings, stating it considers its conduct correct and transparent.
“In this regard, it is emphasised that on 2 February 2026 the Lazio Regional Administrative Court (TAR Lazio) annulled the measure by which the Antitrust Authority had sanctioned Poste Italiane for an alleged unfair commercial practice relating to the same anti-fraud device that is the subject of the Authority’s criticisms today, recognising its full legitimacy and the absence of any commercial intent whatsoever in Poste’s conduct,” it said.
The group added that it accessed customers’ device technical data “exclusively” to activate anti-fraud and anti-malware protections. It further said that these measures were required under European rules, citing the PSD2 Directive, and were intended to protect users’ security.
Poste Italiane plans to appeal to the Court of Rome seeking annulment of the decision.
