Skip to content
Enforcement
EN

Dentist: Insufficient legal basis for data processing

€20,000 fine - Italian Data Protection Authority (Garante)

€20,000 Fine
Dentist
ITALY
Insufficient legal basis for data processing

Content

The Italian DPA (Garante) has fined a dentist EUR 20,000. A data subject filed a complaint with the DPA against the dentist for refusing to treat him after the data subject had indicated he had HIV in his medical history form. In the dentist's clinic, it was common practice for patients to fill out a medical history form before medical treatment, which contained questions about previous, existing or suspected infectious diseases (e.g. tuberculosis, hepatitis, HIV). The DPA considered this to be a violation of the principles of legality. It stated that it was legitimate to ask for such information in order to better plan medical treatment. However, it was not permissible to collect such information and then refuse treatment to the patient.

GDPR Articles: Art. 5 (1) a), c) GDPR
Industry: Health Care