Medhelp Sjukvårdsrådgivning AB – Court Ruling (Sweden, 2024)

Court Ruling
DPA FiS | 12 February 2024 | Sweden
final

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Swedish DPA fined Medhelp (Controller) a total of € 1,200,000 (SEK 12 million) for several breaches of GDPR. The Controller was contracted by three Swedish regions to answer calls and give medical advice on the medical advice phone line '1177'. The DPA found that the Controller breached GDPR on the following points:

a) Medhelp was fined for unlawfully disclosing personal data to MediCall, a Thai company, and for allowing MediCall to process personal data, violating Article 5(1)(a), Article 6, and Article 9(1) GDPR.

b) Medhelp, for an unknown period, exposed personal data in the form of audio files containing recorded phone calls to 1177 on the internet without protection against unauthorized disclosure and unauthorized access, breaching Article 5(1)(f) and Article 32(1) GDPR.

c) Medhelp, other than an automated message stating that the calls were being recorded for patient safety and quality purposes, did not properly inform callers about how their personal data would be processed in connection with the collection of personal data during phone calls to 1177, in violation of Article 5(1)(a) and Article 13 GDPR.

Medhelp appealed the DPA's decision to the Administrative Court in Stockholm, which overturned point (a) of the decision and remanded the issue to IMY for further processing, amended the decision for points (b) to (d) to reduce the sanction fee to 8,800,000 SEK, and dismissed the appeal in other respects.

The Administrative Court annulled point (a) of IMY's decision, because both MediCall and Medhelp were deemed healthcare providers with responsibility for the personal data under Swedish laws, and MediCall's personnel were also subject to the confidentiality obligations specified in Chapter 6 of the Patient Safety Act (https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/patientsakerhetslag-2010659_sfs-2010-659/#K6). That court ruled that Medhelp was legally permitted to disclose personal data to MediCall for processing in relation

GDPR Articles Cited

Art. 6 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
Art. 9(1) GDPR
Art. 32(1) GDPR
Decision Authority: KamR Stockholm
Reviewed Authority: FiS (Sweden)

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Related Cases (0)

No other cases found for Medhelp Sjukvårdsrådgivning AB in SE

This is the only recorded case for this entity in this jurisdiction.

Details

Ruling Date: 12 February 2024

Authority: DPA FiS

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Medhelp Sjukvårdsrådgivning AB - Sweden (2024). Retrieved from cookiefines.eu
