Irish Departement of Health – €22,500 Fine (Ireland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Irish Department of Health was fined €22,500 for asking unnecessary questions that revealed sensitive information about families involved in special education litigation. The investigation found that while some data collection was lawful, the department went too far, violating privacy rules. This case highlights the importance of only collecting data that is truly needed.
What happened
The Irish Department of Health collected excessive sensitive information from families during litigation over special educational needs.
Who was affected
Families involved in litigation over special educational needs whose sensitive information was unnecessarily collected.
What the authority found
The Data Protection Commission ruled that the department's data collection violated the principle of data minimization under GDPR.
Why this matters
This case underscores the need for public bodies and companies to limit data collection to what is strictly necessary. It serves as a reminder that even well-intentioned data collection can breach privacy laws if it goes beyond what's needed.
GDPR Articles Cited
The Irish DPA (DPC) has fined the Irish Department of Health EUR 22,500. The DPA launched an investigation into the department following public allegations that the department unlawfully processed personal data from claimants and their families in the context of litigation over special educational needs. The DPC found that the departement had obtained information from the Health Service Executive (HSE) about services that the plaintiffs and their families had received. They had also been asked broad questions that led to the disclosure of sensitive private information. The data was collected to determine whether a settlement could be pursued with the plaintiff. The DPC concluded that the collection of information about the social services provided was lawful. However, the questions that led to the disclosure of the sensitive information were excessive and, according to the DPC, not necessary for the purposes of the litigation. According to the DPC, this violated the principle of data minimization.
Related Enforcement Actions (0)
No other enforcement actions found for Irish Departement of Health in IE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
16 June 2023
Authority
Data Protection Commission
Fine Amount
€22,500
Enforcement Tracker ID
ETid-1965
About this data
Cite as: Cookie Fines. Irish Departement of Health - Ireland (2023). Retrieved from cookiefines.eu
Last updated: