Azienda Usl della Romagna – €120,000 Fine (Italy, 2021)

€120,000Garante per la protezione dei dati personali27 May 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian Data Protection Authority fined Azienda Usl della Romagna EUR 120,000 for accidentally sending a patient's abortion report to her general practitioner. The patient had requested that this information not be shared. This case underscores the importance of ensuring that sensitive health data is shared only with proper consent and highlights the risks of software errors in data management.

What happened

A health authority was fined for accidentally sending a patient's abortion report to her general practitioner without consent.

Who was affected

A patient who had an abortion and requested that her general practitioner not be informed.

What the authority found

The Italian DPA fined the health authority for failing to protect sensitive health data due to a software error.

Why this matters

This ruling stresses the critical need for healthcare organizations to safeguard sensitive data and ensure that software systems are error-free. It serves as a reminder to regularly audit data management processes to prevent unauthorized disclosures.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 9 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Usl della Romagna actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined Azienda Usl della Romagna EUR 120,000. The local health authority of Romagna had accidentally transmitted a patient's report regarding an abortion to a general practitioner. However, the patient had asked not to inform her general practitioner about it. The transmission of the report was made through the regional network 'Sole'. The investigation by Garante revealed that the data had been accidentally transmitted due to an error in the software that manages patient admissions, discharges and transfers.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Usl della Romagna in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 May 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€120,000

Enforcement Tracker ID

ETid-772

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Usl della Romagna - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: