Fondazione Policlinico Tor Vergata di Roma – €15,000 Fine (Italy, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Italy fined Fondazione Policlinico Tor Vergata di Roma EUR 15,000 for not protecting patient data properly. The hospital failed to inform patients about how their data was used when booking medical appointments. This case highlights the importance of transparency and data security in handling personal information.
What happened
Fondazione Policlinico Tor Vergata di Roma did not implement adequate data protection measures and failed to inform patients about data processing during appointment bookings.
Who was affected
Patients booking medical appointments through the hospital's online portal were affected.
What the authority found
The Italian data authority found the hospital violated GDPR by not securing data properly and failing to inform patients about data use.
Why this matters
This case underscores the need for healthcare providers to ensure robust data protection and transparency. It serves as a reminder for businesses to clearly communicate data practices to users.
GDPR Articles Cited
The Italian DPA (Garante) has imposed a fine of EUR 15,000 on Fondazione Policlinico Tor Vergata di Roma. In February 2020, a data subject filed a complaint with Garante alleging a breach of data protection laws in relation to the booking services for medical specialists offered by the controller. In order to book a relevant appointment on the booking portal, visitors had to fill out an online form in which various personal data was requested. As the DPA found, the controller had not implemented adequate technical and organizational measures to ensure the protection of data processing. In addition, the controller did not comply with its information obligations pursuant to Art. 13 GDPR, as it had not properly informed the data subjects about the processing of their personal data at the time of the data collection.
Related Enforcement Actions (0)
No other enforcement actions found for Fondazione Policlinico Tor Vergata di Roma in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
21 April 2021
Authority
Garante per la protezione dei dati personali
Fine Amount
€15,000
Enforcement Tracker ID
ETid-704
About this data
Cite as: Cookie Fines. Fondazione Policlinico Tor Vergata di Roma - Italy (2021). Retrieved from cookiefines.eu
Last updated: