Azienda Ospedale-Università Padova – €5,000 Fine (Italy, 2023)

€5,000Garante per la protezione dei dati personali11 January 2023Italy
final
ePrivacy
Fine

Azienda Ospedale-Università Padova was fined €5,000 for sending an email with consent forms that revealed the email addresses of 19 recipients. This breach of privacy matters because it shows the importance of protecting personal information, especially in sensitive situations like clinical trials.

What happened

Azienda Ospedale-Università Padova sent an email containing consent forms to multiple recipients using an open distribution list.

Who was affected

The recipients of the email, who had their email addresses exposed to each other, were affected.

What the authority found

The Italian data protection authority found that the hospital violated GDPR rules by not adequately protecting personal data.

Why this matters

This case highlights the need for organizations to ensure that personal information is kept confidential, especially when handling sensitive data. It serves as a reminder for businesses to review their email practices to avoid similar violations.

GDPR Articles Cited

Art. 9 GDPR
Art. 33 GDPR
Art. 5(1) GDPR
Art. 58 GDPR
Art. 83 GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedale-Università Padova actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 5,000 on Azienda Ospedale-Università Padova. The controller had sent an email containing consent forms for participation in a clinical trial to several recipients in an open distribution list. This allowed the recipients to view the email addresses of all other recipients, 19 in total.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedale-Università Padova in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

11 January 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€5,000

Enforcement Tracker ID

ETid-1755

GDPRhub ID

gdprhub-5754

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedale-Università Padova - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: