According to the resolution of the Data Protection Agency, the information was used for other purposes than those authorized.
The Data Protection Agency has imposed a fine of 10,000 euros to Jehovah's Witnesses for collecting data from doctors and patients without prior authorization.
The religious institution has a Hospital Liaison Committee (CEH) in each province that visits the hospitals to find out the degree of collaboration of the medical staff according to the beliefs of the Jehovah's Witnesses, "which is only realization of surgeries without transfusions ", is included in the resolution of the Agency to which Medical Drafting has had access.
When compiling these data, as demonstrated by the resolution, the members of the Committees overreached their duties, gathering information without requesting the relevant permission stipulated by law. The Jehovah's Witnesses have filed an appeal after the ruling but it has not been accepted.
Without consent
In the document, the existence of data that have been "stored and conserved, and imply the processing of data without consent that is imputed, estimating that they are part of a file, are related as rights basics". In addition, the resolution recounts certain inaccuracies of members of the Committees: "The statements of the member of the CEH that the database had been destroyed lack veracity to verify the survival of the same, which existed in 2014 and in 2017 - when He did the inspection - they still exist. "
On the allegation of the defendant regarding whether the data obtained from the doctors who are in their files are included or not within the scope of application of the LOPD, the Agency concise that it is doctors "who provide services in a public hospital , and it is historically data from personal interviews and their willingness to collaborate with the reported.The notes of collaborator / consultant are added to the doctor that consists in their databases, which is not a doctor's own data but a creation of the one denounced. "
Purpose of the collected data
As stated in the information to which this media has had access, the data collected in the databases analyzed "do not seek to contact the company / hospital but do so with each and every one of the specialties in the people of their doctors , members of the files, including several physicians within the same specialty in some cases, appreciating that the origin and transfer of the data come from the work of the CEH from which the files are fed ". Therefore, the Agency argues, "we only see a direct relationship with physicians, in no way with the Hospital, it can not be qualified as incidental data when physicians have been classified as collaborators or consultants".
Así, agrega la AEPD, "no se puede considerar que la inclusión de los datos del médico es meramente accidental en relación con el propósito que justifica el tratamiento, sino que es precisamente la identificación de cada uno de los profesionales médicos el objeto de las bases de datos creadas. y el propósito que motiva su creación ". Por lo tanto, "los médicos cuyos datos se encuentran en los archivos del demandado deben considerarse incluidos en el ámbito de aplicación de la LOPD porque el hecho de ser un médico y practicar la medicina, en sí mismo, no implica el desarrollo de un negocio de actividades, especialmente cuando dicha actividad médica tenga lugar en un hospital público perteneciente al Servicio de Salud de la Comunidad Autónoma de Cantabria en el que otra persona presta el servicio ".
En resumen, la Agencia considera que el propósito era "crear una base de datos con información de los médicos para conocer su posición con respecto a la medicina sin sangre o la disponibilidad de estas intervenciones. Las fuentes de acceso público, más específicamente en la página web del Hospital, deben ser indicó que no es que solo incluyan los datos de los médicos, sino que aparecen clasificados en carpetas, como colaborador o consultor, datos que no están en el hospital ".