Azienda Provinciale per i Servizi Sanitari di Trento – €150,000 Fine (Italy, 2021)

€150,000Garante per la protezione dei dati personali27 May 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined the Trento health service EUR 150,000 for accidentally sending 293 medical reports to doctors without patient consent. This mistake involved sensitive information, including cases of minors and women who had abortions. The case highlights the importance of ensuring software systems respect patient privacy choices.

What happened

The Trento health service mistakenly sent 293 medical reports to general practitioners without patient consent.

Who was affected

Patients who had explicitly requested their medical reports not be shared with their general practitioners.

What the authority found

The Italian authority found that the health service violated GDPR by not having a valid legal basis for sharing sensitive health data.

Why this matters

This case underscores the need for healthcare providers to ensure their systems respect patient privacy requests, especially for sensitive data. It serves as a reminder that technical errors can lead to significant privacy breaches and fines.

GDPR Articles Cited

AI-verified

Art. 9 GDPR
Art. 33 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(a) GDPR
f) GDPR
Art. 9 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 122 Codice Privacy
Source verified 6 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Provinciale per i Servizi Sanitari di Trento actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined Azienda Provinciale per i Servizi Sanitari di Trento EUR 150,000. The controller had accidentally forwarded 293 medical reports of 175 patients to their general practitioners, even though the patients had asked not to forward the reports to their general practitioners. Among the patients in question had been two minors and several women who had undergone abortions. The investigation by Garante found that the data had been accidentally transmitted due to an error in the software that manages patient reports.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Provinciale per i Servizi Sanitari di Trento in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 May 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€150,000

Enforcement Tracker ID

ETid-773

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Provinciale per i Servizi Sanitari di Trento - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: