IP - 07121-1/2020/2187: Difference between revisions
Tags: Replaced Visual edit |
|||
Line 80: | Line 80: | ||
==English Machine Translation of the Decision== | ==English Machine Translation of the Decision== | ||
The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details. | The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details. | ||
<pre> | |||
</pre> |
Revision as of 14:22, 4 February 2021
IP - 07121-1/2020/2187 | |
---|---|
Authority: | IP (Slovenia) |
Jurisdiction: | Slovenia |
Relevant Law: | Article 6(1)(c) GDPR Article 9(2)(h) GDPR Article 28 Insurance Act Article 268 Insurance Act |
Type: | Advisory Opinion |
Outcome: | n/a |
Started: | |
Decided: | 09.12.2020 |
Published: | |
Fine: | None |
Parties: | n/a |
National Case Number/Name: | 07121-1/2020/2187 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Slovenian |
Original Source: | IP (Slovenia) (in SL) |
Initial Contributor: | n/a |
The Slovenian DPA (IP) issued an opinion on justification of sharing medical records with the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations.
English Summary
Facts
According to the complainant, the Slovenian Insurance Act allows an insurance company to obtain medical documentation from a healthcare provider but only to the scope where it is necessary and appropriate to achieve the purposes of processing. In all other cases, the company should obtain a written consent from an insured person.
Dispute
Does Article 268 of the Slovenian Insurance Act constitute appropriate legal basis of accessing to medical documentation by an insurance company?
Holding
IP clarified that the controller must have a legal and appropriate legal basis for any processing of personal data, including their disclosure through transmission or dissemination. IP emphasized that it is sufficient for the lawfulness of the processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that if the controller processes personal data e.g. by law, he is not obliged to obtain consent for this information.
The legal basis for the transmission of personal data to an insurance company is given in Article 286 of the Insurance Act. The insurance company is entitled to obtain relevant medical documentation relating to the insured or the beneficiary from the insurance if this documentation is necessary for concluding and implementing insurance contracts, recovery of unpaid liabilities from insurance contracts, settling claims, claiming claims and other rights and obligations, including the investigation of suspicious cases of unduly paid compensation or insurance benefits arising from insurance under this Act, and verification of political exposure of persons under the Act governing the prevention of money laundering and terrorist financing (third paragraph of Article 268 of ZZavar-1). The insurance company is therefore entitled, inter alia, to the documentation required for: - taking out insurance, e.g. in the case of a medical examination before taking out life insurance, - deciding on an insurance claim, e.g. in the case of a claim for damages based on damage insurance, - performing an insurance contract.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details.