The Italian Data Protection Authority (GPDG) is under criminal investigation following raids on its Rome headquarters by the country’s Financial Guard (GdF).
The probe into the data protection watchdog, led by Rome prosecutors under deputy prosecutor Giuseppe De Falco, targets the authority’s entire board: President Pasquale Stanzione and members Ginevra Cerrina Feroni, Agostino Ghiglia, and Guido Scorza.
They face allegations of embezzlement, misuse of public funds and corruption, stemming from inquiries into representative expenses and decision-making processes.
The probe and yesterday’s raids were triggered by investigative reports by public broadcaster Rai’s Report programme, presented by Sigfrido Ranucci.
These highlighted a sharp rise in spending claims, up from around €20,000 in 2021 to €400,000 in 2024. They covered items such as business-class flights on short routes, luxury hotels exceeding permitted standards, high-end purchases and private use of official cars and services.
After appearing frugal in the early years of his term, Stanzione shifted to seemingly less restrained operations. This included renting a flat in Rome’s historic centre at Piazza della Pigna, right next to a B&B run by his daughters, Roma Corriere reports.
The monthly rent rose from €2,900 to €3,700 following a private renegotiation that was not formally notified to the authority, it is claimed.
The institutional credit card of the authority was used for hairdresser visits, fitness and spa.
Italian prosecutors accuse the suspects while “having the availability of public money for reasons of their office, they appropriated it through the request for reimbursement for expenses made for purposes unrelated to the exercise of the mandate for an amount yet to be quantified” and of having “used the service car for purposes unrelated to the public function”.
A key focus involves potential corruption in regulatory decisions.
The GPDG documents reportedly proposed an initial fine of approximately €44 million against US giant’s Meta for privacy violations linked to its first-generation Ray-Ban Stories smart glasses. They were launched in 2021.
Concerns were raised due to their ability to record people without their obvious consent and the subsequent use of that data by Meta, without adequate notice or consent under GDPR.
Following an alleged meeting between Ghiglia and Meta’s Italian institutional relations manager Angelo Mazzetti — the day before the final vote — the proposed sanction was reduced, first to €17 million later to €12.5 million. Ultimately that came down to €1 million.
This prompted suspicions of influence peddling and opaque procedures, potentially costing the Italian state millions in foregone penalties.
Additional elements under scrutiny include the handling of a case against Ita Airways, where no substantial sanction was imposed despite identified irregularities in data processing and monitoring.
Another GPDG board member, Guido Scorza, has past professional ties via his law firm to an individual who served as Ita Airways’ data protection officer during the relevant period.
The GPDG has been one of the European Union’s most assertive regulators against US tech firms, issuing bans and fines on platforms such as Open AI’s ChatGPT, Meta and others over AI risks, data transfers and consent issues.
The irony of the watchdog itself facing corruption allegations has drawn attention across Italian media, with many outlets noting that the accuser has become the accused.
Stanzione, speaking to reporters outside the headquarters yesterday, described the accusations as “totally unfounded” and stated he was “absolutely calm” and had no intention of resigning.
“Abandoning ship in the storm would be a dangerous precedent,” Stanzione.
The GPDG continues to function pending further developments.
No charges have been proven and the investigation remains in its early stages, with seized documents, phones and computers under review.
