Omilos Iatriki Diagnosi – Dismissed (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hellenic Data Protection Authority dismissed a complaint against Omilos Iatriki Diagnosi regarding a privacy breach. A patient claimed their test results were shared with their father without consent, but the center argued that no health information was disclosed. This ruling shows how privacy complaints can be evaluated based on the context of the situation.
What happened
A complaint was filed against Omilos Iatriki Diagnosi for allegedly sharing a patient's test results with their father without consent.
Who was affected
The patient whose test results were allegedly shared was affected.
What the authority found
The Hellenic DPA found no violation of data protection rules in this case.
Why this matters
This decision illustrates that not all privacy complaints lead to penalties, and it highlights the importance of context in evaluating privacy issues. Companies should still be cautious about sharing any personal information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
On 15 December 2022, a data subject filed a complaint with the Hellenic DPA (HDPA) against a diagnostic centre (the controller). The data subject alleged that after conducting tests at the the controller's facility, an employee communicated the results of her tests to the data subject's father by telephone without her consent. Specifically, she alleged that the employee contacted her father by telephone, informed him of the additional tests that the complainant had to undergo and requested that the data subject call immediately to confirm the additional cost. In the data subject's protest, she claimed that the controller apologized and admitted to the incident by saying "what's done is done, now it's not undone." The controller confirmed that the data subject had undergone examinations at its facility. It claimed that an employee informed her about the data protection policy and that the data subject had completed a form entitled "Declaration of Consent For Sending Results" to send the results by electronic mail using encryption. The controller alleged that the data subject herself provided her telephone number to the employee, and that the employee called that telephone number in order to inform her of additional required tests. The call was answered by the data subject's father, who responded that the data subject was absent and who was asked to inform her that she needed to contact the diagnostic center for her personal matter. The controller argued that no health information was disclosed. With regard to the alleged apology, the controller claimed that there was no admission of the incident and apology, but rather that the situation was handled with courtesy and the data subject was informed of the content of the disputed telephone call. The data subject responded to the controller's allegations and noted that she never stated the specific telephone number to the controller and that her number is different. In response, the controller clarified that the complain
Outcome
Dismissed
The complaint or investigation was dismissed.
Related Enforcement Actions (0)
No other enforcement actions found for Omilos Iatriki Diagnosi in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
15 April 2024
Authority
Hellenic Data Protection Authority
About this data
Cite as: Cookie Fines. Omilos Iatriki Diagnosi - Greece (2024). Retrieved from cookiefines.eu
Last updated: