Azienda socio sanitaria territoriale nord Milano, C.F. – €40,000 Fine (Italy, 2023)

€40,000Garante per la protezione dei dati personali7 December 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda socio sanitaria territoriale nord Milano was fined EUR 40,000 after a health authority employee shared a patient's COVID test report with the patient's spouse without permission. This breach of privacy is a serious issue, as it involves unauthorized access to sensitive health information. It serves as a reminder for health organizations to protect patient data strictly.

What happened

A health authority employee shared a COVID test report with a spouse without the patient's authorization.

Who was affected

A patient whose COVID test results were improperly shared with their spouse.

What the authority found

The Italian data protection authority found that the health authority violated GDPR rules by disclosing personal health information without consent.

Why this matters

This case highlights the critical need for health organizations to enforce strict data protection measures. Other health services should review their policies to prevent unauthorized access to sensitive information.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 25(GDPR)
Art. 32(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
f) GDPR
Art. 9(GDPR)
Art. 25(GDPR)
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda socio sanitaria territoriale nord Milano, C.F. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 40,000 on Azienda socio sanitaria territoriale nord Milano, C.F.. During its investigation, the DPA found that a patient's spouse had received their husband's COVID test report from an employee of the health authority without authorization.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda socio sanitaria territoriale nord Milano, C.F. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

7 December 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€40,000

Enforcement Tracker ID

ETid-2191

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda socio sanitaria territoriale nord Milano, C.F. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: