AKI (Estonia) - 17.08.2020

From GDPRhub
Revision as of 16:39, 8 September 2020 by Isabel Hahn (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Estonia |DPA-BG-Color= |DPAlogo=LogoEE.png |DPA_Abbrevation=AKI |DPA_With_Country=AKI (Estonia) |Case_Number_Name=Uudishimupäring tõi väär...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
AKI - Uudishimupäring tõi väärteotrahvi
LogoEE.png
Authority: AKI (Estonia)
Jurisdiction: Estonia
Relevant Law: Article 5 GDPR
Article 6 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published:
Fine: 48 EUR
Parties: n/a
National Case Number/Name: Uudishimupäring tõi väärteotrahvi
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Estonian
Original Source: Andmekaitse Inspektsioon (in ET)
Initial Contributor: n/a

The Estonian DPA fined a police officer €48 for requesting information about his future spouse and his family from a healthcare provider, without any legal basis for doing so.

and a health care worker €56

English Summary

Facts

A police officer requested information about his future spouse and his family from a healthcare provider three times, without any legal basis for doing so. A healthcare professional then researched the information and provided the police officer with it. and a health care worker €56

Dispute

Was the police officer entitled to this information?

Holding

Both the police officer and the health care worker were fined for their inappropriate behaviour. The police officer was fined €48 and the healthcare worker €56.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Estonian original. Please refer to the Estonian original for more details.

A police officer and a health care worker received a misdemeanor fine from the Data Protection Inspectorate under a fast-track procedure for a curiosity request.
 
Both the health care worker and the police officer had no legal basis for making inquiries, ie there was no need for knowledge arising from the service task, and in both cases the employer had introduced the rules for using the information system and data protection requirements to the employees.

Nevertheless, the police officer inquired curiously about his future spouse and his family member in the MIS and Kairi systems a total of three times. At the request of a third party, the healthcare professional researched information from the e-health information system about the ambulance call to a specific person.

Employees were fined for curious inquiries. A police officer had to pay a fine of 48 euros and a health care worker 56 euros.

A fine of up to 800 euros (200 fine units) may be imposed on a natural person in an expedited procedure for violation of the requirements for the processing of personal data. In imposing the penalty, account has been taken of the fact that the persons regretted the act and agreed to the expedited procedure.