Covid-19 test center – €2,700 Fine (Germany, 2022)

€2,700Bundesbeauftragter für den Datenschutz1 January 2022Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Covid-19 test center in Germany was fined €2,700 for sending unencrypted emails with test results. This meant that anyone with the right link could access not just their own results but also those of others. This case highlights the importance of securing personal information to protect people's privacy.

What happened

The test center sent unencrypted emails containing URLs that allowed access to test results without proper security measures.

Who was affected

Visitors who received test results via email from the Covid-19 test center were affected.

What the authority found

The authority found that the test center failed to implement adequate security measures, violating GDPR's requirement for data protection.

Why this matters

This ruling emphasizes that businesses must take necessary steps to protect personal data. Companies should ensure that any sensitive information is securely transmitted to prevent unauthorized access.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
View original scraped data
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
authority corrected
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Covid-19 test center actions
Full Legal Summary
Detailed

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Related Enforcement Actions (2)

Other enforcement actions involving Covid-19 test center in DE

Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Hessen has fined a Covid-19 test center EUR 16,400. The controller had sent an e-mail containing personal data to several recipients in an ...

€16K
Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Hessen imposed a fine of EUR 1,800 on a Covid-19 test center. An employee had taken an adhesive label from the trash, written the test cent...

€2K
Current
Jan 2022

Fine

€3K

Details

Fine Date

1 January 2022

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€2,700

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Covid-19 test center - Germany (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: