Azeta.ee e-apteek – €100,000 Fine (Estonia, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Azeta.ee e-apteek faced a EUR 100,000 fine in Estonia for letting others see prescription data without consent. This highlights the need for online services to secure user permission before accessing personal information. Companies should review their consent processes to avoid similar issues.
What happened
Azeta.ee e-apteek allowed unauthorized access to prescription data without user consent.
Who was affected
Individuals whose prescription information was accessed without their consent.
What the authority found
The Estonian authority ruled that Azeta.ee e-apteek processed personal data without a valid legal basis, violating GDPR's consent requirements.
Why this matters
This decision emphasizes the importance of obtaining clear consent for data processing, especially for sensitive information. It warns businesses to ensure their data practices comply with privacy laws to avoid fines.
GDPR Articles Cited
The Estonian DPA (Andmekaitse Inspektsioon) fined three online pharmacies EUR 100,000 each for processing personal data without the consent of the data subjects. The data in question are prescriptions for medicines of the data subjects. Third parties were able to view another person's current prescriptions in the e-pharmacy environment without their consent, based only on access to their personal identification code. The DPA highlighted that while it must be possible to purchase prescription drugs for other people, it is the responsibility of the company to ensure that the processing of the personal data required for this purpose only takes place with the consent of the data subjects. The confirmation of another person that they may access the data, however, does not correspond to the voluntary consent of the prescription holder, since the e-pharmacy cannot check whether and for what purpose the consent was given and whether it was given voluntarily.
Related Enforcement Actions (0)
No other enforcement actions found for Azeta.ee e-apteek in EE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
1 December 2020
Authority
Andmekaitse Inspektsioon
Fine Amount
€100,000
Enforcement Tracker ID
ETid-518
About this data
Cite as: Cookie Fines. Azeta.ee e-apteek - Estonia (2020). Retrieved from cookiefines.eu
Last updated: