Azienda Unità Sanitaria Locale Toscana Sud Est – €100,000 Fine (Italy, 2020)

€100,000Garante per la protezione dei dati personali17 December 2020Italy
final
ePrivacy
Fine

Azienda USL Toscana Sud Est was fined for not properly informing patients about how their health data would be used. The authority found that the company failed to provide clear information and did not take necessary security measures. This case serves as a reminder for healthcare providers to prioritize transparency and data protection.

What happened

Azienda USL Toscana Sud Est did not adequately inform patients about the use and storage of their health data.

Who was affected

Patients whose health data was processed under the 'Sanità di iniziativa' program without proper information.

What the authority found

The Italian authority determined that the company violated multiple GDPR provisions related to transparency and data protection.

Why this matters

This ruling emphasizes the need for healthcare organizations to be transparent about data usage and to implement strong security measures. Companies should ensure they comply with data protection rules to avoid penalties.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 14(GDPR)
Art. 28(GDPR)
Art. 30(GDPR)
Art. 35(GDPR)
Art. 5(1)(f) GDPR
Art. 83(1) GDPR
Art. 83(2) GDPR
Art. 83(4)(a) GDPR
Art. 83(5)(b) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 13(GDPR)
Art. 14(GDPR)
Art. 28(GDPR)
Art. 30(GDPR)
Art. 35(GDPR)
Art. 83(1) GDPR
Art. 83(2) GDPR
Art. 83(4)(a) GDPR
Art. 83(5)(b) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Unità Sanitaria Locale Toscana Sud Est actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 100,000 on Azienda USL Toscana Sud Est. The controller is a company in the healthcare sector that, among other things, launched the so-called 'Sanità di iniziativa' (Health Initiative) program. Within the framework of this program, participating healthcare companies transmit data on chronically ill patients to the controller. On the basis of this data, the controller then develops health plans for the patients. The Italian DPA notes several violations of data protection provisions related to this program. For example, when giving consent to the processing of their data, the data subjects were not adequately informed about how long their data would be stored, what rights they had (in particular their rights of complaint and access), and how exactly their data would be processed and for what purpose. In addition, the controller had not kept a register of processing activities. Finally, the controller had neither implemented adequate technical and organizational measures to protect the processing nor conducted a data protection impact assessment, although this would have been necessary due to the nature of the data processed (health data).

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Unità Sanitaria Locale Toscana Sud Est in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

17 December 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€100,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Unità Sanitaria Locale Toscana Sud Est - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: