Resolutions, opinions and reports search tool

The data protection regulations do not prevent the complainant from communicating the information he requests, regarding access to his clinical history, including the identity of the professionals, rank and professional category, who have accessed it.

Consent may be a legal basis for the processing of biometric data for the purpose of time control, provided that it constitutes a manifestation of free, specific, informed and unambiguous will on the part of the data subject to accept the processing, in the terms stated. In any case, before processing such as that provided for in the consultation, an impact assessment on data protection must be carried out in view of the specific circumstances in which the processing is carried out where, among other things, the application of the processing is analysed.

Given that at the time of the application for access the selection body has not assessed the merits claimed by the participants in the selection process, access to the documentation accrediting these merits (or to the spreadsheet in which they are related) would not be justified, without prejudice to the fact that, once their assessment has been carried out, access can be recognised with regard to, if applicable, those participants who have finally been selected or who have obtained a better position in the job exchange with respect to the claimant.

The right to data protection would not prevent the claimant from accessing the requested public information that only contains aggregated data. Likewise, in view of the concurrent circumstances in the specific case, it would be justified to release pseudonymized information on the distribution of cases among the lawyers assigned to the TOAD, with an indication of the associated incidences, as well as on the invoices presented by these lawyers, for the period between 2018 and 2022. However, the information on the persons assisted by the TOAD lawyers that may be included would have to be omitted, in any case.

Data protection regulations would not prevent access to the statements of the practical and theoretical exams, along with the correction criteria, proposed in the selective process referred to in the petition, but as regards obtaining a copy of the exams in question, their submission in the specific case examined would only be possible after anonymisation of this information.

Data protection regulations do not prevent the claimant from having access to information concerning public employees who had intervened in the various previous research actions and disciplinary proceedings processed between 2020 and 2022, both of which have been resolved and who have not participated in the irregular conduct, unless there are exceptional circumstances. However, in accordance with the fundamentals that have been laid down, access to the files can be facilitated through the anonymisation mechanism or, where this measure is not effective, through a summary of the files, so that in no case are the natural persons concerned (people investigated and, if applicable, complainants or witnesses) identifiable.

On the basis of the information that the city council has provided for consultation, data protection regulations would not prevent access to the number of disciplinary files initiated in 2022. However, in the event that the applicant is interested in accessing other information that exceeds the number of disciplinary proceedings initiated, the City Council must analyse the possibility of access according to the categories of personal data concerned, taking into consideration the grounds that have been set out.

El responsable del tratamiento tendría que revisar el AIPD efectuada para garantizar que esta recoge tanto la información prevista en el artículo 10 de la Instrucción 1/2009, de 10 de febrero, sobre el tratamiento de datos de carácter personal mediante cámaras con fines de videovigilancia, así como el resto de requisitos establecidos por el artículo 35.7 del RGPD. La consulta previa a esta Autoridad únicamente es preceptiva cuando la AIPD muestre que el tratamiento comporta un alto riesgo si el responsable del tratamiento no toma medidas para mitigarlo.

Data protection regulations would not allow the trade union delegate to access a copy of the payrolls of the work staff affected by the application for access. However, it is possible to communicate the information contained in payrolls in an aggregate way, so as to ensure that they are not identified.