Resolutions, opinions and reports search tool

Taking into account the applicable regulations, it can be considered that there is a sufficient legal basis for the publication and dissemination of the academic qualifications of the group of university students (eg art. 6.1, sections e) and f) RGPD), without prejudice to the necessary compliance with the rest of the principles and guarantees of the data protection regulations. Given the principle of minimization, only the data necessary to comply with the intended purpose should be disseminated, taking into account the parameters and guidelines derived from the seventh additional provision of the LOPDGDD.

The City Council should be reprimanded for 1) capturing images of public roads through the video surveillance camera system located on container islands that were not closed or delimited; and 2) process the images captured by this video surveillance system located on public roads, to exercise the sanctioning power against residents of the municipality. There is a medial concurrence between both infractions, but only the main infraction should be sanctioned, which is the violation of the principle of legality regarding the installation of a video surveillance system on public roads.

A City Council is reprimanded as being responsible for an infraction due to violation of the principle of legality, for having sent to an inspector of the Generalitat-Mossos d'Esquadra police force two instances with personal data without legal basis, specifically, before the opening of confidential information against the reporting agent, and without there being a real danger to public safety or the investigation and prosecution of a crime.

The City Council of Sant Boi de Llobregat is admonished as responsible for an infringement provided for in Article 83.5.a in relation to Article 5.1.f, both of the GDPR, for sending an email to numerous people without using the hidden copy tool.

Resolution with ammunation in the sanctioning procedure against the Garraf Health Consortium, Hospital Residencia Sant Camil, due to violation of the principle of accuracy. For having used a mobile phone that had in its database since 2011, instead of using the telephone provided with the derivation of the Sitges EAP, 2022.

The Department of Social Rights (DDS) consulted the tax data of the complainant who was in the possession of the AEAT. This action is considered legitimate, taking into account that in accordance with Law 12/2007 and Law 2/2014 enables the DDS to consult ex officio, and without prior consent of the interested persons, the data of the beneficiaries of aid and those of their "economic unit of coexistence". The DDS has also accredited that in the forms to request aid for the dependency, an information clause is included on the possibility of consulting the data.

One person reported that he had received a call from a call centre for the purposes of COVID-19 vaccination, in which he was asked why he did not want to be vaccinated, and was informed that the call would be recorded. The Authority processed a sanctioning procedure against the Department of Health, who was warned for not having fulfilled the duty of information provided for in art. 13 RGPD. At the same time, he filed the rest of the reported facts, since, on the one hand, it was found that the call had been made by SEMSA, on behalf of the CatSalut, to whom the Department had commissioned to make those calls; and on the other hand, it was found that the collection of the reason for not wanting to be vaccinated (by free will) was protected by the applicable health regulations.

The filing of the complaint is necessary for the following reasons: 1) It is accredited that no improper access has been made to the clinical history of the complainant. 2) In this case, it is considered that giving an extemporaneous response and requesting to fill in a specific form are management irregularities that do not have enough entity to start a sanctioning procedure.

It is resolved to declare that the Department of Health has committed the infringement provided for in Article 83.5a), in relation to Article 5 RGPD, which contemplates the principle of accuracy of personal data, since the platform "My Health" of the complainant contains inaccurate information about health professionals who would have attended it in different medical consultations. The discord is also manifested between the information contained on the one hand in the HC of the health center and the HC3; and on the other hand, in the information that appears in the LMS viewer.

The reported entity sent the unpaid invoices by the leaseholder of a property owned by the complainant, to the complainant since this was the owner of the contracted policy for the supply of water and, therefore, the one obliged to pay the invoices. In this case, regardless of what the parties stipulated in the rental contract, the person who owned the property was obliged to pay before AGISSA. In this regard, it is worth saying that, later, the complainant changed the ownership of the policy in favor of a third person who leased his property and, when he left the property, he asked for the billing to be returned to his name. In this second case, the complainant also asked AGISSA to know the outstanding debt of the tenant since the transfer of rights and obligations of the aforementioned policy could only be carried out if the complainant assumed the amounts not satisfied. Likewise, he also alleged that he needed to know the outstanding amounts in order to be able to claim them judicially to the leased person of his property, to breach the clauses of the rental contract. In accordance with the above, the Authority considered that the sending of said information was protected by Article 6.1 f) RGPD since it was carried out to satisfy the legitimate interests of the complainant. Specifically, to satisfy the legitimate interest of the complainant to obtain the necessary evidence, to claim to the tenant of the property the amounts that he did not satisfy.