The Spanish data protection authority, the AEPD, has fined a health clinic €30,000 for making patients take their temperature on a device located in the reception and waiting area and “within sight of third persons”. As health data, the temperature data was special category. The AEPD recognised that as this was during the pandemic taking individuals’ temperature could be legitimate in itself, but the processing had to be carried out in compliance with the other requirements of the GDPR, in particular those guaranteeing confidentiality.
In this context the decision notes that “having an ornamental plant in a medium-sized pot located in a corner above the reception desk” is not an appropriate technical or organizational measure to protect the security and confidentiality of personal data.
/Passle/5f3d6e345354880e28b1fb63/MediaLibrary/Images/2024-04-26-12-59-12-475-662ba5204e6fd2dbde5853d5.jpg)
/Passle/5f3d6e345354880e28b1fb63/SearchServiceImages/2024-04-26-10-28-04-355-662b81b4d23a6cec5bfb17f2.jpg)