HM Hospitales – €48,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
HM Hospitales was fined for using a consent form that assumed patient agreement to share their data unless they opted out. This is important because consent must be actively given, not assumed through inaction.
What happened
HM Hospitales used a form where patients had to uncheck a box to refuse sharing their data with third parties.
Who was affected
Patients admitted to HM Hospitales who filled out the consent form were affected.
What the authority found
The Spanish data protection authority fined the hospital for violating GDPR by not obtaining clear consent from patients.
Why this matters
This case underscores the need for businesses to ensure consent is explicit and informed, not assumed by default, aligning with GDPR's strict consent requirements.
GDPR Articles Cited
The data subject stated that at the time of his admission to hospital he had to fill in a form containing a checkbox indicating that, if he did not tick it, he agreed to the transfer of his data to third parties. This form, provided by HM, was not compatible with the GDPR, since consent was to be obtained through the inactivity of the data subject.
Related Enforcement Actions (0)
No other enforcement actions found for HM Hospitales in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
25 February 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€48,000
Enforcement Tracker ID
ETid-216
About this data
Cite as: Cookie Fines. HM Hospitales - Spain (2020). Retrieved from cookiefines.eu
Last updated: