AKI - Uudishimupäring tõi väärteotrahvi

From GDPRhub
AKI - Uudishimupäring tõi väärteotrahvi
LogoEE.png
Authority: AKI (Estonia)
Jurisdiction: Estonia
Relevant Law: Article 5 GDPR
Article 6 GDPR
Type: Investigation
Outcome: Violation Found
Decided: n/a
Published: n/a
Fine: 48 EUR
Parties: n/a
National Case Number/Name: Uudishimupäring tõi väärteotrahvi
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Estonian
Original Source: Andmekaitse Inspektsioon (in ET)
Initial Contributor: n/a

The Estonian DPA fined a police officer €48 for requesting information about his future spouse and his family from a healthcare provider, without any legal basis for doing so.

English Summary[edit | edit source]

Facts[edit | edit source]

A police officer requested information about his future spouse and his family from a healthcare provider three times without any legal basis for doing so. A healthcare professional then researched the information and provided the police officer with it. This was in breach of both of their obligations towards privacy.

Dispute[edit | edit source]

Was the police officer entitled to this information or did it constitute a 'curious inquiry' which could be subject to a fine?

Holding[edit | edit source]

Both the police officer and the health care worker were fined for their inappropriate behavior and for their 'curious inquiries'. The police officer was fined €48 and the healthcare worker €56.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Estonian original. Please refer to the Estonian original for more details.

A police officer and a health care worker received a misdemeanor fine from the Data Protection Inspectorate under a fast-track procedure for a curiosity request.
 
Both the health care worker and the police officer had no legal basis for making inquiries, ie there was no need for knowledge arising from the service task, and in both cases the employer had introduced the rules for using the information system and data protection requirements to the employees.

Nevertheless, the police officer inquired curiously about his future spouse and his family member in the MIS and Kairi systems a total of three times. At the request of a third party, the healthcare professional researched information from the e-health information system about the ambulance call to a specific person.

Employees were fined for curious inquiries. A police officer had to pay a fine of 48 euros and a health care worker 56 euros.

A fine of up to 800 euros (200 fine units) may be imposed on a natural person in an expedited procedure for violation of the requirements for the processing of personal data. In imposing the penalty, account has been taken of the fact that the persons regretted the act and agreed to the expedited procedure.