Italy
Azienda socio sanitaria locale n. 3 di Nuoro
13,000 €
GDPR enforcement action by Italian Data Protection Authority (Garante) on 2023-04-13.
Rank · Sector
#122
of 270 in Health Care
Rank · Italy
#243
of 543
Rank · All fines
#1,248
of 3,050
Case details
- Authority
- Italian Data Protection Authority (Garante)
- Date
- 2023-04-13
- Controller / Processor
- Azienda socio sanitaria locale n. 3 di Nuoro
- Sector
- Health Care
- Quoted Articles
- Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 2-septies (8) Codice della privacy
- Type of violation
- Insufficient legal basis for data processing
Summary
The Italian DPA has imposed a fine of EUR 13,000 on Azienda socio sanitaria locale n. 3 di Nuoro. An individual had filed a complaint with the DPA because the health authority had published their personal data (date of birth, residence, health-related data) on the internet in the context of a medication request. In the course of its investigation, the DPA found that the controller had published the data without a valid legal basis and therefore had acted unlawfully.
Open original source
Links to the regulator's original publication or another source.
Related fines
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting