Italy Italy

Dentist

20,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2021-06-10.

Rank · Sector
#96
of 270 in Health Care
Rank · Italy
#186
of 543
Rank · All fines
#1,045
of 3,051

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2021-06-10
Controller / Processor
Dentist
Sector
Health Care
Quoted Articles
Art. 5 (1) a), c) GDPR
Type of violation
Insufficient legal basis for data processing

Summary

The Italian DPA (Garante) has fined a dentist EUR 20,000. A data subject filed a complaint with the DPA against the dentist for refusing to treat him after the data subject had indicated he had HIV in his medical history form.
In the dentist's clinic, it was common practice for patients to fill out a medical history form before medical treatment, which contained questions about previous, existing or suspected infectious diseases (e.g. tuberculosis, hepatitis, HIV). The DPA considered this to be a violation of the principles of legality. It stated that it was legitimate to ask for such information in order to better plan medical treatment. However, it was not permissible to collect such information and then refuse treatment to the patient.

Open original source Links to the regulator's original publication or another source.

Related fines