Commissioner - patient data on Instagram

From GDPRhub
Commissioner - patient data on instragram
Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 6(1)(a) GDPR
Type: Complaint
Outcome: Upheld
Decided: 11.10.2019
Published: n/a
Fine: 14,000 EUR
Parties: Anonymous
National Case Number: n/a
European Case Law Identifier: n/a
Appeal: n/a
Original Language: Greek
Original Source: In-Cyprus (EN)

The Commissioner fined a doctor € 14,000 for publishing sensitive patient data on Instagram.

English summary[edit | edit source]

Facts[edit | edit source]

Patient filed a complaint with the Commissioner because her doctor published her sensitive personal data in addition to her full identity on the social network Instagram without her prior consent. After investigation, the Commissioner found that the patient's consent for processing of her personal data did not cover the communication of this data on Instagram.

Dispute[edit | edit source]

Does the doctor, as data controller, need the patient's consent to publish patient's personal data, including sensitive data, on the social network Instagram?

Holding[edit | edit source]

The Commissioner found that the patient's consent must cover this publication for its lawfulness. Therefore, she fined the doctor € 14.000 for unlawful processing of personal (sensitive) data.

Comment[edit | edit source]

Share your comment here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

There is no available machine translated decision. Please refer to the Cypriot original decision for details.

Help us to fil this section!