Azienda Universitaria Giuliano Isontina – €55,000 Fine (Italy, 2022)

€55,000 | Garante per la protezione dei dati personali | 15 December 2022 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined a health authority EUR 55,000 for using patient data to predict COVID-19 complications without proper legal basis or a data protection impact assessment. This is significant because it shows that even health organizations must follow strict data protection rules when using personal data for profiling.

What happened

The Italian DPA fined a health authority for using patient data to profile COVID-19 risks without a valid legal basis.

Who was affected

Patients whose personal data was used by the health authority to create risk profiles for COVID-19 complications.

What the authority found

The DPA found that the health authority lacked a valid legal basis and failed to conduct a required data protection impact assessment.

Why this matters

This fine highlights the need for health organizations to ensure they have a valid legal basis for processing personal data, especially for profiling. It also emphasizes the importance of conducting data protection impact assessments to comply with GDPR.

GDPR Articles Cited

Art. 2-sexies Codice della privacy GDPR
Art. 9 GDPR
Art. 14 GDPR
Art. 35 GDPR
Art. 5(1)(a) GDPR
Full Legal Summary

The Italian DPA has imposed a fine of EUR 55,000 on Azienda Universitaria Giuliano Isontina. The health authority had created patient profiles using algorithms and personal patient data to indicate the risk of complications in the event of a COVID-19 infection. This was intended to identify appropriate diagnostic and therapeutic pathways in a timely manner in the event of complications. However, the DPA found that the health authority did not have a valid legal basis to process patients' personal data for profiling. In addition, the DPA found that the health authority had failed to conduct a data protection impact assessment. In calculating the fine, the DPA took into account the aggravating factor that a large number of individuals were affected.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Universitaria Giuliano Isontina in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date: 15 December 2022
Authority: Garante per la protezione dei dati personali
Fine Amount: €55,000
Enforcement Tracker ID: ETid-1608

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Universitaria Giuliano Isontina - Italy (2022). Retrieved from cookiefines.eu
