Azienda USL della Romagna – €50,000 Fine (Italy, 2021)

€50,000Garante per la protezione dei dati personali27 January 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda USL della Romagna was fined for improperly sharing a patient's information with her husband instead of contacting her directly. This ruling is significant because it highlights the importance of respecting patient privacy and consent. Healthcare providers must ensure they follow strict rules about sharing sensitive information.

What happened

Azienda USL della Romagna shared a patient's health information with her husband without her consent.

Who was affected

A patient who requested that her health data not be shared with third parties.

What the authority found

The Italian data protection authority imposed a fine on Azienda USL della Romagna for violating GDPR rules on data protection and consent.

Why this matters

This case serves as a reminder for healthcare providers to prioritize patient confidentiality. Failing to do so can result in significant fines and loss of trust.

GDPR Articles Cited

Art. 9(GDPR)
Art. 5(1)(a) GDPR
Art. 32(1)(b) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda USL della Romagna actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 50,000 on Azienda USL della Romagna. Upon her arrival at the gynecology unit of a hospital operated by the controller (for the purpose of an abortion), a patient had explicitly asked the controller not to share her health data with third parties. She had separately left a telephone number for the purpose of being contacted. After the patient was discharged, a nurse tried to contact her in order to inform her about further therapy. However, the nurse did not use the telephone number provided by the patient specifically for this purpose, but instead used her home telephone number, which she was able to obtain from her patient file. When her husband took the call instead of the patient, the nurse informed him about her treatment, contrary to the patients request. Even though no further medical information was provided, it was clear from the conversation that the data subject had been admitted to this unit and was to receive further therapy.

Violations (1)

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda USL della Romagna in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

unknown (claimant)

2021 · DPA OLGWien

RAMONA FILMS, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Court case 9 O 173/24

2024 · DPA LGTraunstein

Details

Fine Date

27 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Enforcement Tracker ID

ETid-559

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda USL della Romagna - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: