ESTONIAN DATA PROTECTION INSPECTORATE FORBIDS E-PHARMACIES TO GIVE ACCESS OF OTHER PERSON'S PRESCRIPTIONS
European Data Protection Board (“EDPB”) announced that the Estonian Data Protection Inspectorate (“EDPI”) issued a warning to three e-pharmacy chains about allowing to view another person’s prescriptions without their consent. With the warning, EDPI gave a one-day compliance deadline and a penalty of 100.000 Euros to the e-pharmacies.
EDPI stated that e-pharmacies enable people to choose whether they requested their prescription information or the prescription information of someone else, and if they entered the personal identification code of another person, the corresponding information became available. Only one of the three pharmacy chains had a solution which required prior confirmation of whether the person has the right to view the above information. However, another person’s justification is not equivalent to the voluntary consent of the prescription holder, because the e-pharmacy cannot check whether and for what purpose consent has been given and whether it has been given voluntarily.
So that, EDPI highlighted that buying prescripted medicine for other people online must be possible, but the e-pharmacies must ensure that the prescription holder had consent to other people's access to their prescription information. Therefore EDPI warned these three e-pharmacies that firstly, they have to terminate access to another person’s prescription information; and later if they want to have an option of selling prescripted medicine for other people online, they have to arrange a system to obtain the prescription holder's voluntary consent on this issue.
You can find the text of the EDPB’s statement here.
Should you have any queries and/or remarks, please do not hesitate to contact us.