Azienda Universitaria Friuli Occidentale – €55,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Azienda Universitaria Friuli Occidentale was fined EUR 55,000 for using patient data to create profiles without proper consent. It used algorithms to predict Covid-19 complications, but had no valid legal basis for the profiling and did not conduct a data protection impact assessment. This case highlights the importance of having a legal basis for processing sensitive health data.
What happened
Azienda Universitaria Friuli Occidentale used patient data to create profiles without a valid legal basis.
Who was affected
Patients whose personal data was used to create profiles predicting Covid-19 complications.
What the authority found
The Italian DPA found that the health authority lacked a valid legal basis for processing personal data and failed to conduct a data protection impact assessment.
Why this matters
This case underscores the need for health organizations to ensure they have a valid legal basis when processing sensitive data. It also emphasizes the importance of conducting data protection impact assessments when using algorithms in healthcare.
GDPR Articles Cited
The Italian DPA imposed a fine of EUR 55,000 on Azienda Universitaria Friuli Occidentale. The health authority created patient profiles, using algorithms and personal patient data, to indicate the risk of complications in the event of a Covid-19 infection. The aim was to identify appropriate diagnostic and therapeutic pathways in a timely manner if complications arose. However, the DPA found that the health authority did not have a valid legal basis to process patients' personal data for profiling. In addition, the DPA found that the health authority had failed to conduct a data protection impact assessment. In calculating the fine, the DPA took into account the aggravating factor that a large number of individuals were affected.
Related Enforcement Actions (0)
No other enforcement actions found for Azienda Universitaria Friuli Occidentale in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date: 15 December 2022
Authority: Garante per la protezione dei dati personali
Fine Amount: €55,000
Enforcement Tracker ID: ETid-1606
About this data
Cite as: Cookie Fines. Azienda Universitaria Friuli Occidentale - Italy (2022). Retrieved from cookiefines.eu