Resolutions, opinions and reports search tool

The City Council should be reprimanded for 1) capturing images of public roads through the video surveillance camera system located on container islands that were not closed or delimited; and 2) process the images captured by this video surveillance system located on public roads, to exercise the sanctioning power against residents of the municipality. There is a medial concurrence between both infractions, but only the main infraction should be sanctioned, which is the violation of the principle of legality regarding the installation of a video surveillance system on public roads.

A City Council is reprimanded as being responsible for an infraction due to violation of the principle of legality, for having sent to an inspector of the Generalitat-Mossos d'Esquadra police force two instances with personal data without legal basis, specifically, before the opening of confidential information against the reporting agent, and without there being a real danger to public safety or the investigation and prosecution of a crime.

The Department of Social Rights (DDS) consulted the tax data of the complainant who was in the possession of the AEAT. This action is considered legitimate, taking into account that in accordance with Law 12/2007 and Law 2/2014 enables the DDS to consult ex officio, and without prior consent of the interested persons, the data of the beneficiaries of aid and those of their "economic unit of coexistence". The DDS has also accredited that in the forms to request aid for the dependency, an information clause is included on the possibility of consulting the data.

One person reported that he had received a call from a call centre for the purposes of COVID-19 vaccination, in which he was asked why he did not want to be vaccinated, and was informed that the call would be recorded. The Authority processed a sanctioning procedure against the Department of Health, who was warned for not having fulfilled the duty of information provided for in art. 13 RGPD. At the same time, he filed the rest of the reported facts, since, on the one hand, it was found that the call had been made by SEMSA, on behalf of the CatSalut, to whom the Department had commissioned to make those calls; and on the other hand, it was found that the collection of the reason for not wanting to be vaccinated (by free will) was protected by the applicable health regulations.

The reported entity sent the unpaid invoices by the leaseholder of a property owned by the complainant, to the complainant since this was the owner of the contracted policy for the supply of water and, therefore, the one obliged to pay the invoices. In this case, regardless of what the parties stipulated in the rental contract, the person who owned the property was obliged to pay before AGISSA. In this regard, it is worth saying that, later, the complainant changed the ownership of the policy in favor of a third person who leased his property and, when he left the property, he asked for the billing to be returned to his name. In this second case, the complainant also asked AGISSA to know the outstanding debt of the tenant since the transfer of rights and obligations of the aforementioned policy could only be carried out if the complainant assumed the amounts not satisfied. Likewise, he also alleged that he needed to know the outstanding amounts in order to be able to claim them judicially to the leased person of his property, to breach the clauses of the rental contract. In accordance with the above, the Authority considered that the sending of said information was protected by Article 6.1 f) RGPD since it was carried out to satisfy the legitimate interests of the complainant. Specifically, to satisfy the legitimate interest of the complainant to obtain the necessary evidence, to claim to the tenant of the property the amounts that he did not satisfy.

The Foundation could send an e-mail reporting on the training it will give this summer to its pupils on the legal basis of legitimate interest, provided that the information is limited to the training programme examined and is addressed exclusively to the pupils of up to 35 years of vocational training cycles, who should be given the option of opposing receiving communications of this kind.

The City Council put into operation and keep the system of fixed video surveillance cameras active in the municipality, without having obtained the prior authorization of the General Directorate of Citizen Security.

The corporate email address of a city council, since it allows the identification of the account holder, is a personal data protected by data protection regulations. The processing of personal data resulting from the sending of email messages by a public worker, in particular the inclusion of third-party corporate mail addresses and the submission to an external recipient, may be legal if a legal basis (art. 6.1 GDPR) occurs and compliance with the principle of purpose (art. 5.1.b) GDPR is met. According to the system of liability provided for in the GDPR, the responsibility for infringements of data protection regulations rests with the controllers, without prejudice to the consequences of disciplinary proceedings.

The City Council stored a common electronic folder, to which all agents and administrative staff of the Local Police could access, a complaint that the complainant filed about the counting of hours of the service days carried out.

The complainant complained that, within the framework of the processing of a request for access to public information, the GAIP would have revealed to third parties affected by the access, their identity without the latter having requested it. However, in the pre-information phase initiated by this Authority, the complained entity has stated that, one of the persons affected by the access asked to know who was requesting controversial information. In this regard, in accordance with Article 62 RLTC, the GAIP considered, after consulting the applicant, that the submission of the application with its identity could be essential for the defense of the rights and interests held by the third party concerned. That being so, it should be noted that, consulted by the GAIP, the person here denouncing consented to the revelation of his identity. According to the above, therefore, the reported treatment was left open by Article 6.1(a) and c), in connection with the LLT and the LTTE, which is why the present actions are being closed.