VšĮ Biržų ligoninė – €6,000 Fine (Lithuania, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Biržų ligoninė was fined for using video surveillance without proper legal grounds. This is important because it shows that hospitals must follow strict rules when monitoring areas, especially sensitive ones like operating rooms. The fine of EUR 6,000 serves as a reminder for healthcare providers to ensure they have valid reasons for surveillance.
What happened
The hospital used video surveillance in various areas, including operating rooms, without a valid legal basis.
Who was affected
Patients and staff at Biržų ligoninė who were recorded by the hospital's surveillance cameras.
What the authority found
The authority found that the hospital did not have a valid reason for its video surveillance activities, violating data protection rules.
Why this matters
This case highlights the need for healthcare facilities to carefully assess their surveillance practices. Organizations should ensure they have valid legal bases for monitoring to protect individuals' privacy.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
In April 2025, the DPA carried out an ex-officio investigation regarding the video surveillance activities of a hospital (the controller). In its investigations, the DPA found that the controller had placed video surveillance cameras in several areas, including outdoor areas, entrances, common areas and operating rooms. All indoor cameras recorded both video and audio, and the controller placed signs informing data subjects of the surveillance activities. The controller argued that its surveillance activities were lawful under legitimate interest (Article 6(1)(f) GDPR). The DPA first found a violation of Articles 5(1)(a) and 6(1) GDPR, as the hospital did not have a valid legal basis for the video surveillance activities. The DPA noted that the controller had only relied on legitimate interests to process the data. The DPA therefore assessed whether the cumulative requirements under Article 6(1)(f) GDPR were met; whether the controller has a legitimate interest, whether the processing is necessary for the purpose, and whether data subjects’ rights and freedoms override the controller’s legitimate interests. The DPA acknowledged that the controller’s aims of ensuring a safe environment for patients in general and ensuring efficiency in the operating rooms were legitimate aims. In addition, the surveillance activities were necessary to ensure a safe environment, and the data subjects’ rights and freedoms did not override the controller’s legitimate interest. This, however, was not the case for all the cameras; the DPA made a distinction between the surveillance of outdoors or common areas (such as corridors), and operating rooms or staff areas. According to the DPA, the surveillance of operating and staff rooms did not meet the requirements of necessity or overriding interests. For example, the controller could efficiently organise its operating rooms with less restrictive means, and it had not provided evidence that video surveillance was the only necessary mean
Related Enforcement Actions (0)
No other enforcement actions found for VšĮ Biržų ligoninė in LT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
13 February 2026
Authority
Valstybine duomenu apsaugos inspekcija
Fine Amount
€6,000
GDPRhub ID
gdprhub-9846About this data
Cite as: Cookie Fines. VšĮ Biržų ligoninė - Lithuania (2026). Retrieved from cookiefines.eu
Last updated: