A fine of 20 thousand euros was imposed by the Privacy Guarantor on a surgeon for having published on his Instagram profile the photos of a patient before and after a face lift, moreover, without having acquired consent to the dissemination of the images. The Authority intervened following the complaint of the patient who complained about the publication, on the doctor’s social profile, of photos that portrayed her in a recognizable way during the operation.

During the investigation, the doctor stated that the images had been taken for internal use and that the publication was due to a misunderstanding related to the management of consents between the various professionals involved in the intervention. Justification deemed insufficient by the Guarantor who declared the processing of the patient’s health data unlawful, as it was carried out outside the purposes of treatment in violation of privacy legislation.

In determining the sanction, the Guarantor took into account the sensitive nature of the personal data disclosed and the particular context in which the violation occurred, in which the complainant’s legitimate expectation of confidentiality and privacy was high, also in consideration of the professional and fiduciary relationship with the doctor.

https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/10095854