Private individual
€600
Insufficient legal basis for data processing
Decision Date
October 19, 2020
Authority
Austrian Data Protection Authority (dsb)
AT
Sector
Individuals and Private Associations
Country
ES
Law
GDPRStatus
FINALDescription
Between February and June 2020, a private individual published information about patients on his personal Facebook page. The information included health data in terms of Art. 4 (15) GDPR. In detail, the published data comprised patient names, diagnostic findings, medical diagnoses, medication data, data on hospital admissions and discharges, patients' social security numbers and the names of the treating physicians.
Legal Citations
Art. 5 (1)Art. 9
Issues & Violations
Insufficient legal basis for data processing