Dr. P*** K*** (medical doctor) – €600 Fine (Austria, 2020)

€600Datenschutzbehörde19 October 2020Austria
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An Austrian doctor was fined 600 euros for posting sensitive patient information on Facebook without consent. This included health data and personal details, which is against data protection laws. The case is a reminder that sharing personal data online without permission can lead to legal consequences.

What happened

A doctor published patients' sensitive health information on Facebook without their consent.

Who was affected

Patients whose health data and personal details were shared publicly by their doctor.

What the authority found

The Austrian Data Protection Authority ruled that the doctor violated GDPR by sharing sensitive personal data without any legal basis.

Why this matters

This case serves as a cautionary tale for professionals handling sensitive data, emphasizing the need for explicit consent before sharing personal information online. It also highlights the potential legal and financial repercussions of mishandling personal data.

GDPR Articles Cited

Art. 5(1)(a) GDPR
Art. 9(1) GDPR
Art. 9(2) GDPR
Art. 4(15) GDPR
Art. 83(5)(a) GDPR

National Law Articles

§ 47(1) VStG (Verwaltungsstrafgesetz - Admininstraitive Penal Act)
Austria enforcementDatenschutzbehörde actionsAll Dr. P*** K*** (medical doctor) actions
Full Legal Summary
Detailed

Between February and June 2020, a medical doctor published information on his/her patients on his/her personal Facebook page. The information included special categories of personal data (health data under Article 4(15 GDPR) and consisted of the patients' names and social security numbers, excerpts from patient letters, medical records/protocols, medical diagnoses, medication data, data on hospital admissions and discharges and names of of other doctors treating the patients. The Austrian Data Protection Authority (Datenschutzbehörde - DSB) held that the doctor had violated Article 5(1)(a) GDPR and Article 9(1) and (2) GDPR as the patients had not given their ecplicit consent to the online publication of their data under Article 9(2)(a) GDPR and there was no other legal basis for the processing under Article 9(2) GDPR. Consequently, the DSB issued a fine of EUR 600 under Article 83(5)(a) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Dr. P*** K*** (medical doctor) in AT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

19 October 2020

Authority

Datenschutzbehörde

Fine Amount

€600

GDPRhub ID

gdprhub-2934

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Dr. P*** K*** (medical doctor) - Austria (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: