Azienda Ospedale-Università Padova – €5,000 Fine (Italy, 2023)

€5,000Garante per la protezione dei dati personali11 January 2023Italy
final
ePrivacy
Fine

Azienda Ospedale-Università Padova was fined €5,000 for mishandling personal data by sending an email that revealed the addresses of multiple recipients. This incident matters because it shows the importance of protecting personal information and obtaining consent before sharing it. Small businesses should ensure they handle personal data carefully to avoid similar issues.

What happened

Azienda Ospedale-Università Padova sent an email with consent forms that exposed the email addresses of 19 recipients.

Who was affected

Recipients of the email who were invited to participate in a clinical trial were affected.

What the authority found

The Italian data protection authority found that the company violated GDPR rules by not protecting personal data and failing to obtain proper consent.

Why this matters

This case highlights the need for companies to prioritize data privacy and consent when handling personal information. It serves as a reminder for businesses to implement better data protection practices.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 33(GDPR)
Art. 5(1) GDPR
Art. 58(GDPR)
Art. 83(GDPR)
View original scraped data
Art. 5(1) GDPR
Art. 9(GDPR)
Art. 33(GDPR)
Art. 58(GDPR)
Art. 83(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
articles corrected
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedale-Università Padova actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 5,000 on Azienda Ospedale-Università Padova. The controller had sent an email containing consent forms for participation in a clinical trial to several recipients in an open distribution list. This allowed the recipients to view the email addresses of all other recipients, 19 in total.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedale-Università Padova in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

11 January 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€5,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedale-Università Padova - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: