Dalarna Region – €17,900 Fine (Sweden, 2023)

€17,900Integritetsskyddsmyndigheten17 January 2023Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Sweden fined Dalarna Region for sending patient appointment letters that showed sensitive information through the envelope window. This mistake allowed unauthorized people to see which healthcare facility patients were visiting. The case highlights the importance of protecting personal data even in everyday communications.

What happened

Dalarna Region sent patient visit invitations with visible healthcare facility information through the envelope window.

Who was affected

Patients whose appointment letters revealed the healthcare facility they were visiting.

What the authority found

The Swedish DPA found that Dalarna Region failed to protect personal data by not implementing adequate measures, violating GDPR's security requirements.

Why this matters

This case emphasizes the need for organizations to carefully consider how they handle and display personal information, even in routine mailings. Businesses should review their communication methods to ensure they do not inadvertently expose sensitive data.

GDPR Articles Cited

Art. 32(1) GDPR
Sweden enforcementIntegritetsskyddsmyndigheten actionsAll Dalarna Region actions
Full Legal Summary
Detailed

The Swedish DPA has imposed a fine of EUR 17,900 on Dalarna Region. The region had sent out invitations for patient visits where the respective healthcare facility, such as a children's hospital, was visible on the envelope window. The DPA found that this visibility allowed unauthorized persons to gain access to patients' personal data. The DPA concluded that the region had failed to implement adequate technical and organizational measures to protect personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Dalarna Region in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 January 2023

Authority

Integritetsskyddsmyndigheten

Fine Amount

€17,900

Enforcement Tracker ID

ETid-1579

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Dalarna Region - Sweden (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: