Tusla Child and Family Agency – €75,000 Fine (Ireland, 2020)

€75,000Data Protection Commission17 May 2020Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Ireland's Data Protection Commission fined Tusla Child and Family Agency €75,000 for mistakenly sharing personal data about children with unauthorized people. This included sensitive information about a mother and child given to an alleged offender. The case highlights the importance of safeguarding personal data, especially when it involves vulnerable groups like children.

What happened

Tusla Child and Family Agency mistakenly disclosed personal data about children to unauthorized individuals.

Who was affected

Children and families whose personal data was improperly shared, including a mother and child whose information was given to an alleged offender.

What the authority found

The Data Protection Commission found that Tusla violated GDPR by not properly protecting personal data, particularly sensitive information about children.

Why this matters

This fine underscores the critical need for organizations handling sensitive data, especially about children, to implement strict data protection measures. It serves as a warning to agencies to review their data handling practices to avoid similar breaches.

GDPR Articles Cited

Art. 5(GDPR)
Art. 6(GDPR)
Ireland enforcementData Protection Commission actionsAll Tusla Child and Family Agency actions
Full Legal Summary
Detailed

The company has erroneously disclosed personal data, including information about children, to unauthorized persons. In one case, the contact and location data of a mother and a child were disclosed to an alleged offender, and in two other cases, data about children in foster care were improperly disclosed to blood relatives, including in one case to a father in prison.

Related Enforcement Actions (2)

Other enforcement actions involving Tusla Child and Family Agency in IE

Current
May 2020

Fine

€75K

Fine
Jun 2020· Data Protection Commission

The organization sent a letter with abuse allegations to a third party who then uploaded it to social networks.

€40K
Fine
Aug 2020· Data Protection Commission

The Irish DPA (DPC) fined Tusla Child and Family Agency EUR 85,000. The controller had reported 71 data breaches to the Irish DPA that occurred betwee...

€85K

Details

Fine Date

17 May 2020

Authority

Data Protection Commission

Fine Amount

€75,000

Enforcement Tracker ID

ETid-278

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Tusla Child and Family Agency - Ireland (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: