In the article by Gaspare Roma, Antonella Terranova, and Adriano Garofalo, published on NT+ Diritto of Il Sole 24 Ore, a recent decision by the Italian Data Protection Authority (no. 113/2026) is analyzed. The case concerns a Foundation, a public-law entity, and a manager dismissed for just cause.
The case revolves around the publication, in the “Transparent Administration” section, of a resolution regarding the dismissal of the manager, including his personal data and freely accessible online.
Following the employee’s complaint, the Authority recognized the precedence of the right to privacy over administrative transparency, contrary to the Foundation’s position. The latter had justified the publication by invoking transparency obligations, the strategic role of the manager, and the fact that the news had already been disclosed, also noting that the data had later been redacted.
The case brings back to the forefront a crucial question: where does the obligation of transparency end, and where does the protection of privacy begin?
But what did the Data Protection Authority actually establish in this case?