Resolutions, opinions and reports search tool

A citizen accesses, through his personal folder to the electronic headquarters of the City Council, the documentation of a third person in relation to a file that has nothing to do with his complaint. The violation of the principle of confidentiality is alleged. The infringement of art is also proven. 25 RGPD, of technical measures from the design and by default, although, after a medial competition, it is only charged for the most serious infringement.

In the collection of the data it is necessary to facilitate all the foreseen information to the article|item 13 of the RGPD. In fulfillment|compliment of the duties to data protection in the design, the responsible for the treatment has to adopt the technical and organizational measures adapted to apply the principles of data protection in an effective way, among|between which the principle|beginning of confidentiality. In the present case, was not guaranteed that the persons who joined to the group of WhatsApp created by the Town Council, they could not access the number of mobile|motive, photo of profile and user name of the rest of members.

The proposed anonymization process would not guarantee the treatment of anonymous data within the Project to be developed by the University. However, the option of articulating the treatment on the basis of the explicit consent of the persons concerned could be considered, without prejudice to the adoption of appropriate measures to ensure that this treatment is in line with the RGPD, such as providing detailed and clear information in this regard, and applying the measures indicated in the opinion to make re-identification difficult.

The City Council practiced notifications to citizens of the municipality without applying any protective measures that would prevent access to the contents of the document to notify, so that the notifier agent could access the full content of the notification. Also, to accredit the practice of the notification provided the notifier agent with a copy of the document to notify that the recipient had to sign.

The educational center or, where appropriate, the city council on which the nursery depends, is responsible for the processing of the data of students and parents, while the companies providing the applications subject to the consultation would be responsible for the processing of such data. The use of applications for communication with parents linked to the exercise of educational and guiding functions, can find coverage in article 6.1.e) in relation to the provisions of the LOE. In the event that the treatment is based on consent, in order for it to be valid, parents must have alternatives to be able to follow the agenda and communications of the school, without this entailing damage.

This report analyses the content of the documentation provided on a European research project, in particular in relation to the following issues: determination of liability or, where appropriate, co-responsibility of the processing; The information flows provided; International data Transfers (TID); Security; The use of anonymous data or pseudonimization. With regard to the processing of images captured with cameras by the city Council, this, as responsible, must have a sufficient legal base and must ensure compliance with the rest of the requirements of the data protection regulations. It is also necessary to provide an informed consent in the terms of article 4.11, and inform those affected (art. 13 RGPD).