Senseonics Inc. – €45,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Italy fined Senseonics Inc. EUR 45,000 for privacy violations after a data breach exposed diabetic patients' email addresses. The company also failed to get proper consent for processing health data and provided confusing privacy information. This case highlights the importance of clear consent and transparency when handling sensitive data.
What happened
Senseonics Inc. was fined for a data breach that exposed diabetic patients' email addresses and for failing to obtain proper consent for data processing.
Who was affected
Diabetic patients whose email addresses were exposed in a data breach and users of the glucose monitoring app who were not properly informed about data processing.
What the authority found
The Italian DPA found that Senseonics Inc. violated GDPR by not obtaining valid consent for processing health data and failing to provide clear privacy information.
Why this matters
This case emphasizes the need for companies to ensure clear and separate consent for processing sensitive data. It also serves as a reminder to provide transparent information about data practices, especially in health-related services.
GDPR Articles Cited
The Italian DPA has imposed a fine of EUR 45,000 on Senseonics Inc. The company had reported a data breach to the DPA pursuant to Art. 33 GDPR: an employee accidentally sent an information campaign by email to a large number of recipients using an open distribution list, so every recipient could view the email addresses of the others. Because the recipients were diabetic patients, the emails made it possible to obtain information about the health status of the data subjects.
In the course of its investigation, the DPA also identified other privacy violations involving the glucose monitoring system produced by the company. When downloading the monitoring app, users were required to accept both the contractual terms of use and the content of the privacy policy with a single 'click.' This did not allow them to give separate consent to the individual processing operations, including the processing of health data. Further, the DPA found that the company had violated the principles of fairness and transparency by providing users with confusing and sometimes erroneous information regarding the processing of personal data. In addition, the company failed to designate its representative in the European Union as the contact person for all data protection issues.
Details
Fine Date: 7 July 2022
Authority: Garante per la protezione dei dati personali
Fine Amount: €45,000
Enforcement Tracker ID: ETid-1424
About this data
Cite as: Cookie Fines. Senseonics Inc. - Italy (2022). Retrieved from cookiefines.eu