Veterinarian (anonymous) – Court Ruling (Germany, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A veterinarian transferred pet owner data to a billing company without consent, leading to a warning from the data protection authority. The authority insisted on getting consent before future data transfers. This case underscores the need for consent when sharing personal data with third parties.
What happened
The veterinarian transferred pet owner data to a billing company without obtaining consent.
Who was affected
Pet owners whose data was shared with the billing company without their consent.
What the authority found
The data protection authority warned the veterinarian that transferring data without consent violated GDPR requirements.
Why this matters
This ruling highlights the importance of obtaining consent before sharing personal data with third parties. Businesses should ensure they have clear consent mechanisms to comply with data protection laws.
GDPR Articles Cited
National Law Articles
The plaintiff is a veterinarian and has concluded a billing contract and a contract processing agreement (under Article 28 GDPR) with the clearing house for veterinarians (VTX). In case of default of payment, the VTX becomes owner of the claim (assignment of claim) in order to enforce it. The pet owner's data are transmitted to VTX for accounting purposes and the possible enforcement of claims before VTX declares its acceptance of an assignment of claims. This is done without the (explicit) consent of the pet owner. After a pet owner failed to pay a ~EUR 1.000 treatment invoice of the plaintiff, the claim was assigned to the VTX without the pet owner's consent. The pet owner filed a complaint with the competent supervisory authority (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz – LfDI) which issued a warning under Article 58(2)(b) GDPR, holding that the data transmission from the plaintiff to the VTX did not meet the requirements under the GDPR. Moreover, the LfDI asked the plaintiff to confirm that in the future, he would transfer data of pet owners to VTX only with their prior consent. The plaintiff filed an action against that decision, stating in essence that the transmission of accounting data to the VTX was based on Article 6(1)(b) and (f) and Article 6(4) GDPR. Since the assignment was only completed upon acceptance by VTX, data transfers which - as here - took place before the declaration of acceptance were to be regarded as data processing on behalf of the plaintiff. Further, the plaintiff argued that the data transferred constituted health data under Article 9(1) and Article 4(15) GDPR but the transfer was nevertheless admissible pursuant to Article 9 GDPR, as the strict requirements of Art 7 DSGVO could not generally be observed in treatment contracts with doctors and were therefore systematically inappropriate. Three disputes werde adressed from a data protection perspective: #Does the transmission of a pet owner'
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Veterinarian (anonymous) in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Veterinarian (anonymous) - Germany (2020). Retrieved from cookiefines.eu
Last updated: