Ospedaliero-Universitaria Careggi – €80,000 Fine (Italy, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Ospedaliero-Universitaria Careggi was fined for allowing medical staff to access patient data that wasn't relevant to their treatment. This misuse of personal data raises serious concerns about patient privacy. It serves as a reminder for healthcare providers to limit access to sensitive information.
What happened
Ospedaliero-Universitaria Careggi was fined for using software that let medical personnel search through patient histories unrelated to their treatment.
Who was affected
Patients whose medical histories were accessed without proper justification were affected.
What the authority found
The authority imposed a fine because the hospital did not adequately protect patient data and allowed unnecessary access.
Why this matters
This case shows that healthcare institutions must strictly control access to sensitive data. Other businesses should also be cautious about who can view personal information.
GDPR Articles Cited
Original data from scraper before AI verification against source document.
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
Related Enforcement Actions (0)
No other enforcement actions found for Ospedaliero-Universitaria Careggi in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 August 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€80,000
About this data
Cite as: Cookie Fines. Ospedaliero-Universitaria Careggi - Italy (2025). Retrieved from cookiefines.eu