Azienda Sanitaria Locale Roma – €46,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A healthcare facility in Rome was fined EUR 46,000 for unlawfully publishing patients' health information online. This is important because it shows how serious the consequences can be for mishandling sensitive data like medical records.
What happened
Azienda Sanitaria Locale Roma published the names and health information of 1337 patients on its website.
Who was affected
Patients whose health records, including medical documents and disability assessments, were exposed online.
What the authority found
The authority ruled that the healthcare facility processed patient data unlawfully and failed to minimize the data shared.
Why this matters
This case highlights the critical importance of data minimization and lawful processing, especially for sensitive health information, serving as a warning to healthcare providers.
GDPR Articles Cited
The Italian DPA has fined Azienda Sanitaria Locale Roma EUR 46,000. The healthcare facility had published the names and health information of 1337 patients on its website. In most cases, this involved the health records of the data subjects, including medical documents, disability assessments, tests, technical reports, etc.... In this context, the DPA found that the healthcare institution had processed the data unlawfully as well as violated principle of data minimization.
Related Enforcement Actions (0)
No other enforcement actions found for Azienda Sanitaria Locale Roma in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
26 May 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€46,000
Enforcement Tracker ID
ETid-1257
About this data
Cite as: Cookie Fines. Azienda Sanitaria Locale Roma - Italy (2022). Retrieved from cookiefines.eu
Last updated: