Covid-19 test center – €2,700 Fine (Germany, 2022)

€2,700Bundesbeauftragter für den Datenschutz1 January 2022Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Covid-19 test center in Germany was fined EUR 2,700 for sending unencrypted emails with links to test results. This lack of security allowed unauthorized access to personal health information. The case stresses the importance of using secure methods to share sensitive data.

What happened

The test center sent unencrypted emails with URLs that could be used to access test results without additional security.

Who was affected

Individuals who received Covid-19 tests at the center were affected by the insecure sharing of their results.

What the authority found

The Hamburg privacy authority found that the test center failed to adequately protect personal data, violating GDPR's security requirements.

Why this matters

This ruling highlights the necessity for businesses to implement strong security measures when handling personal data. It serves as a reminder to use encryption and other safeguards when sharing sensitive information.

GDPR Articles Cited

Art. 32(1) GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Covid-19 test center actions
Full Legal Summary
Detailed

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Related Enforcement Actions (2)

Other enforcement actions involving Covid-19 test center in DE

Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Hessen imposed a fine of EUR 1,800 on a Covid-19 test center. An employee had taken an adhesive label from the trash, written the test cent...

€2K
Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Hessen has fined a Covid-19 test center EUR 16,400. The controller had sent an e-mail containing personal data to several recipients in an ...

€16K
Current
Jan 2022

Fine

€3K

Details

Fine Date

1 January 2022

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€2,700

Enforcement Tracker ID

ETid-1745

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Covid-19 test center - Germany (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: