Private individual – €2,000 Fine (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A clinic employee in Germany was fined EUR 2,000 for snooping into a patient's medical records without permission. This breach of privacy highlights the importance of respecting patient confidentiality and the legal consequences of unauthorized access to personal data.
What happened
A clinic employee unlawfully accessed a patient administration system to learn about their new neighbor.
Who was affected
The affected individuals were patients whose personal and medical information was accessed without permission.
What the authority found
The data protection authority fined the employee for accessing personal and medical data without a valid legal basis, violating GDPR's requirements.
Why this matters
This case serves as a reminder that individuals handling sensitive data must adhere to strict privacy standards. Unauthorized access to personal information, even out of curiosity, can lead to significant penalties.
GDPR Articles Cited
The DPA of Baden-Wuerttemberg has imposed a fine of EUR 2,000 on a clinic employee. The employee had unlawfully accessed a patient administration system in order to find out more about their new neighbor. This not only gave them access to personal details of the data subject, but also to medical information about them.
Related Enforcement Actions (1)
Other enforcement actions involving Private individual in DE
Details
Fine Date
1 January 2023
Authority
Bundesbeauftragter für den Datenschutz
Fine Amount
€2,000
Enforcement Tracker ID
ETid-2232
About this data
Cite as: Cookie Fines. Private individual - Germany (2023). Retrieved from cookiefines.eu
Last updated: