Apotheka e-apteek – €100,000 Fine (Estonia, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Estonia fined Apotheka e-apteek EUR 100,000 for letting third parties view people's prescription data without their consent. This matters because it highlights the importance of protecting sensitive health information online. Businesses must ensure they have proper consent before sharing personal data.
What happened
Apotheka e-apteek allowed third parties to access prescription data without user consent.
Who was affected
Individuals whose prescription information was accessed by others without their permission.
What the authority found
The Estonian authority found that Apotheka e-apteek processed personal data without a valid legal basis, violating GDPR rules on consent.
Why this matters
This case underscores the need for online businesses to verify consent before sharing personal data, especially sensitive health information. It serves as a warning to companies to review their data handling practices to avoid hefty fines.
GDPR Articles Cited
The Estonian DPA (Andmekaitse Inspektsioon) fined three online pharmacies EUR 100,000 each for processing personal data without the consent of the data subjects. The data in question are prescriptions for medicines of the data subjects. Third parties were able to view another person's current prescriptions in the e-pharmacy environment without their consent, based only on access to their personal identification code. The DPA highlighted that while it must be possible to purchase prescription drugs for other people, it is the responsibility of the company to ensure that the processing of the personal data required for this purpose only takes place with the consent of the data subjects. The confirmation of another person that they may access the data, however, does not correspond to the voluntary consent of the prescription holder, since the e-pharmacy cannot check whether and for what purpose the consent was given and whether it was given voluntarily.
Related Enforcement Actions (0)
No other enforcement actions found for Apotheka e-apteek in EE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
1 December 2020
Authority
Andmekaitse Inspektsioon
Fine Amount
€100,000
Enforcement Tracker ID
ETid-516
About this data
Cite as: Cookie Fines. Apotheka e-apteek - Estonia (2020). Retrieved from cookiefines.eu
Last updated: