Azienda Ospedaliera Universitaria Integrata di Verona – Violation Found (Italy, 2022)

Violation Found
Garante per la protezione dei dati personali30 June 2022Italy
final
ePrivacy
Violation Found

Italy's data protection authority approved the use of patient data by Azienda Ospedaliera Universitaria Integrata di Verona for medical research. The hospital must get specific consent from patients for future studies. This decision helps ensure that patient data is used responsibly while advancing medical research.

What happened

Azienda Ospedaliera Universitaria Integrata di Verona was authorized to collect and store patient data for research purposes.

Who was affected

Patients participating in medical studies at the hospital were affected by this decision.

What the authority found

The authority required that the hospital obtain specific consent from patients for ongoing research, ensuring compliance with data protection rules.

Why this matters

This ruling emphasizes the need for clear consent processes in medical research. Hospitals and researchers should be aware of the importance of obtaining proper consent to protect patient privacy.

GDPR Articles Cited

AI-verified

Art. 35(GDPR)
Art. 36(GDPR)
View original scraped data
Art. 35(GDPR)
Art. 36(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

D.Lgs. 30 giugno 2003, n. 196, art. 110
Prescrizioni relative al trattamento dei dati personali effettuato per scopi di ricerca scientifica, allegato n. 5 al Provvedimento che individua le prescrizioni contenute nelle Autorizzazioni generali che risultano compatibili con il Regolamento e con il d.lgs. n. 101/2018 di adeguamento del Codice, del 5 giugno 2019
Regole deontologiche per trattamenti a fini statistici o di ricerca scientifica adottate dal Garante, ai sensi dell’art. 20, comma 4, del d.lgs. 10 agosto 2018, n. 101, con provvedimento n. 515, del 19 dicembre 2018
Source verified 10 April 2026
articles corrected
national law identified
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedaliera Universitaria Integrata di Verona actions
Full Legal Summary
Detailed

The Garante authorised the collection and storage of data in the 'Torax' database on the basis of an initial consent, expressed by patients when they took part in the study, provided that the hospital subsequently acquires specific consents from patients or the opinion of the Garante for those who have died or can no longer be contacted, as the research projects are further defined and approved by the territorially competent ethics committees. Favourable opinion of the Italian Garante on the processing of data by the Azienda Ospedaliera Universitaria Integrata di Verona aimed at studying patients suffering from neoplastic, infectious, degenerative and traumatic diseases of the thoracic district. The project envisages the creation of a database and research activities in nine areas that will be the subject of further specific protocols and submitted to the relevant ethics committees. In order to give the go-ahead the Authority required researchers to base the collection - and subsequent processing of health data for medical research purposes - on 'stepwise' consent.

Outcome

Violation Found

The DPA found a violation but did not impose a fine.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedaliera Universitaria Integrata di Verona in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

30 June 2022

Authority

Garante per la protezione dei dati personali

GDPRhub ID

gdprhub-5126

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedaliera Universitaria Integrata di Verona - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: