Azienda USL della Romagna – €50,000 Fine (Italy, 2021)

€50,000Garante per la protezione dei dati personali27 January 2021Italy
final
ePrivacy
Fine

The Italian DPA (Garante) imposed a fine of EUR 50,000 on Azienda USL della Romagna. Upon her arrival at the gynecology unit of a hospital operated by the controller (for the purpose of an abortion), a patient had explicitly asked the controller not to share her health data with third parties. She had separately left a telephone number for the purpose of being contacted. After the patient was discharged, a nurse tried to contact her in order to inform her about further therapy. However, the nurse did not use the telephone number provided by the patient specifically for this purpose, but instead used her home telephone number, which she was able to obtain from her patient file. When her husband took the call instead of the patient, the nurse informed him about her treatment, contrary to the patients request. Even though no further medical information was provided, it was clear from the conversation that the data subject had been admitted to this unit and was to receive further therapy.

GDPR Articles Cited

Art. 9(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(d) GDPR
Art. 5(1)(f) GDPR
Art. 32(1)(b) GDPR
Art. 58(2)(i) GDPR
Art. 83(4) GDPR
Art. 83(5) GDPR

National Law Articles

Codice in materia di protezione dei dati personali (Testo coordinato)
Legge 22 maggio 1978, n. 194
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda USL della Romagna actions
Full Legal Summary

The Italian DPA (Garante) imposed a fine of EUR 50,000 on Azienda USL della Romagna. Upon her arrival at the gynecology unit of a hospital operated by the controller (for the purpose of an abortion), a patient had explicitly asked the controller not to share her health data with third parties. She had separately left a telephone number for the purpose of being contacted. After the patient was discharged, a nurse tried to contact her in order to inform her about further therapy. However, the nurse did not use the telephone number provided by the patient specifically for this purpose, but instead used her home telephone number, which she was able to obtain from her patient file. When her husband took the call instead of the patient, the nurse informed him about her treatment, contrary to the patients request. Even though no further medical information was provided, it was clear from the conversation that the data subject had been admitted to this unit and was to receive further therapy.

Violations (1)

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda USL della Romagna in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

unknown (claimant)

2021 · DPA OLGWien

Apple Distribution International Limited

2025 · Commission Nationale de l'Informatique et des Libertés

CNIL

2019 · Court of Justice of the European Union

Court case 9 O 173/24

2024 · DPA LGTraunstein

Details

Fine Date

27 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Enforcement Tracker ID

ETid-559

GDPRhub ID

gdprhub-3239

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda USL della Romagna - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: