Commissioner (Cyprus) - patient data on Instagram

From GDPRhub
Commissioner (Cyprus) -
Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 6(1)(a) GDPR
Type: Complaint
Outcome: Upheld
Decided: 11.10.2019
Fine: 14,000 EUR
Parties: Anonymous
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Greek
Original Source: In-Cyprus (in EL)
Initial Contributor: n/a

The Commissioner fined a doctor € 14,000 for publishing sensitive patient data on Instagram.

English summary


Patient filed a complaint with the Commissioner because her doctor published her sensitive personal data in addition to her full identity on the social network Instagram without her prior consent. After investigation, the Commissioner found that the patient's consent for processing of her personal data did not cover the communication of this data on Instagram.


Does the doctor, as data controller, need the patient's consent to publish patient's personal data, including sensitive data, on the social network Instagram?


The Commissioner found that the patient's consent must cover this publication for its lawfulness. Therefore, she fined the doctor € 14.000 for unlawful processing of personal (sensitive) data.


Share your comment here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

There is no available machine translated decision. Please refer to the Cypriot original decision for details.

Help us to fil this section!