Verifiera AB – Court Ruling (Sweden, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Verifiera AB received a reprimand for publishing sensitive health-related court decisions without proper safeguards. The Swedish data protection authority found that this violated GDPR rules about processing health data. This case highlights the need for companies to be cautious when handling sensitive information.
What happened
Verifiera AB published court decisions related to health without complying with GDPR's restrictions on sensitive data.
Who was affected
Individuals whose health-related information was included in the published court decisions.
What the authority found
The authority ruled that Verifiera AB violated GDPR by processing sensitive health data without adequate legal grounds.
Why this matters
This case underscores the importance of protecting sensitive personal information. Companies dealing with health data should implement strict compliance measures to avoid violations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller, Verifiera AB, operates a database that includes court decisions pertaining to involuntary psychiatric care and care of persons with substance abuse. The controller's business operations falls within the scope of the Swedish constitutional law on Freedom of Expression (Yttrandefrihetsgrundlag - YGL) due to their publishing license ("utgivningsbevis"). The Swedish DPA (Integritetsskyddsmyndigheten - IMY) issued a reprimand and an injunction against the controller. The DPA found that the publication of health-related court decisions by the controller violated Article 9(1) GDPR, which prohibits the processing of personal data related to health. It ordered the controller to take certain measures to comply with Article 9(1) GDPR. Although [https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2018218-med-kompletterande-bestammelser_sfs-2018-218/ Chapter 1, §7 of the Swedish Data Protection Act], states that the GDPR and the implementing national law shall not apply to the extent that this would conflict, among others, with the constitutional law on Freedom of Expression, the GDPR is still applicable when sensitive data is published under [https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/yttrandefrihetsgrundlag-19911469_sfs-1991-1469/#K1 Chapter 1, §20 YGL]. [https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/yttrandefrihetsgrundlag-19911469_sfs-1991-1469/#K1 Chapter 1, §20 YGL] states: “The provisions of this Constitution shall not preclude the enactment of legislation prohibiting the disclosure of personal data # revealing ethnic origin, skin colour or other similar characteristics, political opinions, religious or philosophical beliefs or trade union membership # concerning health, sex life or sexual orientation, or # which consists of genetic data or biometric data to uniquely identify a natural person.” Thus, the DPA held that Article 9(1) GDPR is ap
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Verifiera AB in SE
This is the only recorded case for this entity in this jurisdiction.
Details
Ruling Date
20 June 2024
Authority
DPA KamRStockholm
About this data
Cite as: Cookie Fines. Verifiera AB - Sweden (2024). Retrieved from cookiefines.eu
Last updated: