Resolutions, opinions and reports search tool

Taking into account the applicable regulations, it can be considered that there is a sufficient legal basis for the publication and dissemination of the academic qualifications of the group of university students (eg art. 6.1, sections e) and f) RGPD), without prejudice to the necessary compliance with the rest of the principles and guarantees of the data protection regulations. Given the principle of minimization, only the data necessary to comply with the intended purpose should be disseminated, taking into account the parameters and guidelines derived from the seventh additional provision of the LOPDGDD.

The data protection regulations do not prevent the complainant from communicating the information he requests, regarding access to his clinical history, including the identity of the professionals, rank and professional category, who have accessed it.

Consent may be a legal basis for the processing of biometric data for the purpose of time control, provided that it constitutes a manifestation of free, specific, informed and unambiguous will on the part of the data subject to accept the processing, in the terms stated. In any case, before processing such as that provided for in the consultation, an impact assessment on data protection must be carried out in view of the specific circumstances in which the processing is carried out where, among other things, the application of the processing is analysed.

It is appropriate to warn the City Council, since it did not duly inform about the treatment of images captured by video surveillance cameras installed in the control points of access to restricted traffic areas, since, apart from the information contained in the information posters, in the complementary information that was available on the website of the consistory, the City Council did not inform about the right to file a claim provided to this Authority, and all extremes

The City Council should be reprimanded for 1) capturing images of public roads through the video surveillance camera system located on container islands that were not closed or delimited; and 2) process the images captured by this video surveillance system located on public roads, to exercise the sanctioning power against residents of the municipality. There is a medial concurrence between both infractions, but only the main infraction should be sanctioned, which is the violation of the principle of legality regarding the installation of a video surveillance system on public roads.

The claimant complained that the PGD had not responded to their requests for data deletion (4 in total) within the period of the legally provided month for this purpose. The complaint filed against the PGD is estimated, since it did not respond in time to its 4 requests, no pronouncement is made regarding the substance of the claim, since the PGD resolved to estimate the requests for deletion submitted by the claimant.

A City Council is reprimanded as being responsible for an infraction due to violation of the principle of legality, for having sent to an inspector of the Generalitat-Mossos d'Esquadra police force two instances with personal data without legal basis, specifically, before the opening of confidential information against the reporting agent, and without there being a real danger to public safety or the investigation and prosecution of a crime.

The claiming entity has not accredited that it has responded to the request for rectification exercised by the claimant.

It is appropriate to estimate the claim, since the ICS did not respond in time to the request of the claimant. Regarding the fund, it is not appropriate to make any pronouncement or require any action, since the ICS has accredited that it has delivered the documentation to the claimant in the requested terms, that is, it has made effective the right exercised by the claimant, although extemporaneously.

The person making the complaint showed that her HC3 was accessed from CABO Centelles on four occasions, during the months of May 2022, despite not having been visited at that health center. In response, the DPD of the reported entity has confirmed that it is the material author of the accesses and has justified them by arguing that they were necessary to be able to respond to a request for information that this Authority notified to the aforementioned entity, within the framework of another complaint. filed by the same person complaining. In relation to this, during the prior information phase it was found that the accesses carried out by the personal data protection delegate to the complainant's HC3 were justified, given that they were carried out in the exercise of his duties. , and to respond to a request from this Authority. For all this, the filing of these proceedings is appropriate.