Medical association – €3,000 Fine (Italy, 2024)

€3,000Garante per la protezione dei dati personali9 May 2024Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An Italian medical association was fined EUR 3,000 for accidentally sharing personal information. They sent an email about a doctor's vaccination status to the wrong people, which violated privacy rules. This case highlights the importance of careful handling of sensitive information.

What happened

The medical association mistakenly sent an email revealing a doctor's vaccination status and their employer's information to unintended recipients.

Who was affected

The doctor whose vaccination status and employer were disclosed, along with the unintended recipients of the email.

What the authority found

The authority found that the medical association failed to protect personal data properly, leading to a breach of privacy regulations.

Why this matters

This case shows that organizations must be diligent in protecting personal information to avoid costly mistakes. It serves as a reminder for all businesses to implement strict data handling procedures.

GDPR Articles Cited

AI-verified

Art. 2-ter Codice della privacy GDPR
Art. 6(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 6(GDPR)
Art. 2-ter Codice della privacy

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Medical association actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspended them for not fulfilling the COVID-19 vaccination obligation and also informed their employer of this. An email from the association requesting notification of the employer was inadvertently sent to other individuals, as a result of which their email addresses and vaccination status became known.

Related Enforcement Actions (1)

Other enforcement actions involving Medical association in IT

Current
May 2024

Fine

€3K

Fine
Jun 2024· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 4,000 on the medical association 'Ordine dei Medici Chirurghi e degli Odontoiatri'. A patient had filed a co...

€4K

Details

Fine Date

9 May 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€3,000

Enforcement Tracker ID

ETid-2361

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Medical association - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: