Austria
Private Individual
600 €
GDPR enforcement action by Austrian Data Protection Authority (dsb) on 2020-10-19.
Rank · Sector
#264
of 270 in Health Care
Rank · Austria
#31
of 38
Rank · All fines
#2,769
of 3,050
Case details
- Authority
- Austrian Data Protection Authority (dsb)
- Date
- 2020-10-19
- Controller / Processor
- Private Individual
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) a) GDPR, Art. 9 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
Between February and June 2020, a private individual published information about patients on his personal Facebook page. The information included health data in terms of Art. 4 (15) GDPR. In detail, the published data comprised patient names, diagnostic findings, medical diagnoses, medication data, data on hospital admissions and discharges, patients' social security numbers and the names of the treating physicians.
Open original source
Links to the regulator's original publication or another source.
Related fines
Austria
2019-10-29
16,000,000 €
ETid-96
Austrian Post
Transportation and Energy
Austria
2021-09-28
9,500,000 €
ETid-871
Austrian Post
Transportation and Energy
Austria
2022-01-14
8,000,000 €
ETid-988
REWE International AG
Industry and Commerce
Austria
2021
4,000,000 €
ETid-872
Bank
Finance, Insurance and Consulting
Austria
2024-08-16
1,500,000 €
ETid-2772
Company
Industry and Commerce
Austria
2024-08-16
1,500,000 €
ETid-2909
IKEA
Industry and Commerce