Finnish DPA Fines Online Pharmacy for Privacy Breaches From Tracking
Finland's Office of the Data Protection Ombudsman fined a university pharmacy $1.3 million (EUR 1.1 million) for privacy breaches in tracking services in its online pharmacy, the DPA said Wednesday.
Sign up for a free preview to unlock the rest of this article
Data about online pharmacy transactions from May 2018 to September 2022 was leaked to tracking technology companies via website analytics services and other tracking technologies, the office said. It started probing the pharmacy's practices based on a tip from a doctoral researcher at the University of Turku whose dissertation investigated the operation of online health services through network traffic analysis.
The ombudsman's office found that the university pharmacy used cookies and other tracking technologies in its online pharmacy and that pharmacy services related to prescription drugs and self-care medicines were transmitted directly to Google and Meta.
Website visitors also provided such information as IP addresses and other identifying information that could be used to identify an individual user, the ombudsman said.
The pharmacy was fined and a statement from the regulator said that it had not taken sufficient care of personal data generated in its online operations. The ombudsman also provided guidance on monitoring technologies the business still uses. It also gave the pharmacy guidance about the monitoring technologies it continues using.