AKI - Uudishimupäring tõi väärteotrahvi | |
---|---|
Authority: | AKI (Estonia) |
Jurisdiction: | Estonia |
Relevant Law: | Article 5 GDPR Article 6 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | |
Fine: | 48 EUR |
Parties: | n/a |
National Case Number/Name: | Uudishimupäring tõi väärteotrahvi |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Estonian |
Original Source: | Andmekaitse Inspektsioon (in ET) |
Initial Contributor: | n/a |
The Estonian DPA fined a police officer €48 for requesting information about his future spouse and his family from a healthcare provider, without any legal basis for doing so.
English Summary
Facts
A police officer requested information about his future spouse and his family from a healthcare provider three times without any legal basis for doing so. A healthcare professional then researched the information and provided the police officer with it. This was in breach of both of their obligations towards privacy.
Dispute
Was the police officer entitled to this information or did it constitute a 'curious inquiry' which could be subject to a fine?
Holding
Both the police officer and the health care worker were fined for their inappropriate behavior and for their 'curious inquiries'. The police officer was fined €48 and the healthcare worker €56.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Estonian original. Please refer to the Estonian original for more details.
A police officer and a health care worker received a misdemeanor fine from the Data Protection Inspectorate under a fast-track procedure for a curiosity request. Both the health care worker and the police officer had no legal basis for making inquiries, ie there was no need for knowledge arising from the service task, and in both cases the employer had introduced the rules for using the information system and data protection requirements to the employees. Nevertheless, the police officer inquired curiously about his future spouse and his family member in the MIS and Kairi systems a total of three times. At the request of a third party, the healthcare professional researched information from the e-health information system about the ambulance call to a specific person. Employees were fined for curious inquiries. A police officer had to pay a fine of 48 euros and a health care worker 56 euros. A fine of up to 800 euros (200 fine units) may be imposed on a natural person in an expedited procedure for violation of the requirements for the processing of personal data. In imposing the penalty, account has been taken of the fact that the persons regretted the act and agreed to the expedited procedure.