Details:
| Summary | The Finnish DPA has imposed a fine of EUR 122,000 on a company with products that process health data, such as heart rate, etc. The DPA had received several complaints regarding the processing of health data from data subjects. During its investigation, the DPA found that the company did not have a sufficient legal basis to process various types of health data. While the company had informed users of the products about the processing of personal health data in general, it had failed to provide information for each of the different types of health data (e.g., body mass index or oxygen capacity), such as the purpose of the processing. Accordingly, the DPA found that the users’ consent could not be valid since it was not given on an individual basis and with full knowledge of the facts. |
| Link: | link link |
| Related articles: | Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 122,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/