Physician – €5,000 Fine (Italy, 2021)

€5,000Garante per la protezione dei dati personali15 April 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An Italian doctor was fined €5,000 for showing slides with a patient's personal data at a conference, which were later published online. The slides included sensitive information like medical history and photos, and the patient hadn't agreed to share this data. This case highlights the importance of getting consent before sharing personal information, especially in medical settings.

What happened

A physician shared slides containing a patient's personal data at a conference, which were then published online without the patient's consent.

Who was affected

A patient whose medical history and personal details were shared without consent.

What the authority found

The Italian data protection authority ruled that the physician violated GDPR by processing personal data without a valid legal basis, such as consent.

Why this matters

This case underscores the need for healthcare professionals to obtain explicit consent before sharing patient data. It serves as a reminder that even well-intentioned disclosures can lead to privacy violations if consent is not obtained.

GDPR Articles Cited

Art. 6 GDPR
Art. 9 GDPR
Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Physician actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has imposed a fine of EUR 5,000 on a physician. The controller had shown slides of a clinical case at a congress, which were subsequently published on the website of the Società triveneta di chirurgia. The slides contained personal data of a patient, such as the patient's initials, age, gender, a detailed medical history of the patient, details of admissions from 1980 to 2016 and surgical procedures performed during that period, indicating the date of admission and the date of surgery, the surgical department that performed the procedures, the days spent in hospital, numerous diagnostic images and 22 photographs showing the patient during the surgeries. At no time had the data subject consented to such processing of his or her personal data.

Related Enforcement Actions (2)

Other enforcement actions involving Physician in IT

Current
Apr 2021

Fine

€5K

Fine
Sept 2021· Garante per la protezione dei dati personali

The Italian DPA (Garante) has fined a physician EUR 2,000. A patient had complained to the DPA that the doctor had disclosed his personal data to thir...

€2K
Fine
Dec 2024· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 20,000 on a physician who had published images of a patient who had undergone cosmetic surgery on a social n...

€20K

Details

Fine Date

15 April 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€5,000

Enforcement Tracker ID

ETid-683

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Physician - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: