Irish Departement of Health

€22,500

Non-compliance with general data processing principles

Fecha de la decisión

16 de junio de 2023

Autoridad

Data Protection Authority of Ireland

IE

Sector

Health Care

País

IE

Ley

GDPR

Estado

FINAL

Descripción

The Irish DPA (DPC) has fined the Irish Department of Health EUR 22,500. The DPA launched an investigation into the department following public allegations that the department unlawfully processed personal data from claimants and their families in the context of litigation over special educational needs. The DPC found that the departement had obtained information from the Health Service Executive (HSE) about services that the plaintiffs and their families had received. They had also been asked broad questions that led to the disclosure of sensitive private information. The data was collected to determine whether a settlement could be pursued with the plaintiff. The DPC concluded that the collection of information about the social services provided was lawful. However, the questions that led to the disclosure of the sensitive information were excessive and, according to the DPC, not necessary for the purposes of the litigation. According to the DPC, this violated the principle of data minimization.

Citas legales

Art. 5 (1)Art. 6 (1)Art. 9 (1)

Problemas e infracciones

Non-compliance with general data processing principles
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Belgian Data Protection Authority (APD) - Belgian ...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.