Details:
| Summary | The Italian DPA (Garante) has fined a dentist EUR 20,000. A data subject filed a complaint with the DPA against the dentist for refusing to treat him after the data subject had indicated he had HIV in his medical history form. In the dentist’s clinic, it was common practice for patients to fill out a medical history form before medical treatment, which contained questions about previous, existing or suspected infectious diseases (e.g. tuberculosis, hepatitis, HIV). The DPA considered this to be a violation of the principles of legality. It stated that it was legitimate to ask for such information in order to better plan medical treatment. However, it was not permissible to collect such information and then refuse treatment to the patient. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 20,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/