Azienda sanitaria locale di Bari – €50,000 Fine (Italy, 2023)

€50,000 | Garante per la protezione dei dati personali | 2 March 2023 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A healthcare facility in Italy was fined €50,000 for improperly publishing patient reviews online. The reviews contained sensitive health information that was not adequately hidden. This case highlights the importance of protecting patient privacy, especially when sharing information online.

What happened

Azienda sanitaria locale di Bari published patient reviews online with identifiable health information that was poorly redacted.

Who was affected

Former patients whose health information was exposed in online reviews.

What the authority found

The Italian DPA found that the healthcare facility violated GDPR by not properly protecting sensitive patient data before publishing it online.

Why this matters

This case underscores the need for healthcare providers to ensure patient data is fully anonymized before sharing it publicly. It serves as a reminder to all businesses handling sensitive information to review their data protection practices.

GDPR Articles Cited

Art. 9 GDPR
Art. 5(1)(a) GDPR
Art. 25(1) GDPR
Full Legal Summary

The Italian DPA has imposed a fine of EUR 50,000 on Azienda sanitaria locale di Bari. The healthcare facility had published reviews of former patients on the Internet and provided access to hundreds of documents in which the patients could be identified. The information about the patients had been crudely redacted, but not enough to prevent the data from being disclosed. In particular, information about the patients' state of health, clinical data on operations, diagnoses, etc. was visible.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda sanitaria locale di Bari in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 March 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Enforcement Tracker ID

ETid-1786

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda sanitaria locale di Bari - Italy (2023). Retrieved from cookiefines.eu
