Azienda Ospedaliera Universitaria Integrata di Verona – Violation Found (Italy, 2022)

Violation Found
Garante per la protezione dei dati personali30 June 2022Italy
final
ePrivacy
Violation Found

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian Garante approved a hospital's data collection plan for medical research but required additional consent for certain patients. This decision allows the hospital to proceed with its research while ensuring patient rights are respected. It shows that even in research, consent is crucial.

What happened

The Garante authorized the hospital to collect and store patient data for a research database, but with conditions on consent.

Who was affected

Patients participating in the research study were affected by this decision.

What the authority found

The authority ruled that the hospital must obtain specific consent from patients or guidance from the Garante for deceased individuals or those unreachable.

Why this matters

This case highlights the need for clear consent processes in medical research. Hospitals and researchers should be aware of the importance of obtaining proper consent from patients.

GDPR Articles Cited

AI-verified

Art. 36(GDPR)
View original scraped data
Art. 35(GDPR)
Art. 36(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 110 Codice Privacy
Source verified 10 April 2026
articles corrected
national law identified
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedaliera Universitaria Integrata di Verona actions
Full Legal Summary
Detailed

The Garante authorised the collection and storage of data in the 'Torax' database on the basis of an initial consent, expressed by patients when they took part in the study, provided that the hospital subsequently acquires specific consents from patients or the opinion of the Garante for those who have died or can no longer be contacted, as the research projects are further defined and approved by the territorially competent ethics committees. Favourable opinion of the Italian Garante on the processing of data by the Azienda Ospedaliera Universitaria Integrata di Verona aimed at studying patients suffering from neoplastic, infectious, degenerative and traumatic diseases of the thoracic district. The project envisages the creation of a database and research activities in nine areas that will be the subject of further specific protocols and submitted to the relevant ethics committees. In order to give the go-ahead the Authority required researchers to base the collection - and subsequent processing of health data for medical research purposes - on 'stepwise' consent.

Outcome

Violation Found

The DPA found a violation but did not impose a fine.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedaliera Universitaria Integrata di Verona in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

30 June 2022

Authority

Garante per la protezione dei dati personali

GDPRhub ID

gdprhub-5126

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedaliera Universitaria Integrata di Verona - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: