Resolutions, opinions and reports search tool

It is decided to file the present complaint, given that the accused City Council and, in particular, the Chief Inspector of the Local Police, included references to the data on the person's health reporting - who holds the status of local agent - since these were necessary to resolve the desirability of initiating a disciplinary file against him, for alleged withdrawal from service on health grounds. Thus, this Authority concludes that the processing of controversial personal data was covered by Article 6.1e) - processing carried out in the exercise of public powers - and that the circumstances provided for in Article 9.2 (f) and g) GDPR, which lift the prohibition on processing health data in Article 9.1 (GDPR).

The data protection regulations do not prevent access to information relating to the call and the bases of the selective processes carried out by the City Council, the rest of the acts of the processes subject to publication and, in particular, to the results of the called processes. Now, taking into consideration the circumstances that come together in the particular case, from the point of view of the general purpose of transparency, access to the tests carried out by the candidates in each of the selective processes, nor to the contracts of formalized work

One entity is sanctioned, absorbing another, within the framework of the provision of a health monitoring service. He sent citation emails to various workers who mistakenly contained data from other workers.

A private entity is sanctioned for having entrusted the management of the medical check appointments of workers to another entity without having formalised the contract of sub-responsor of the treatment, and without having requested the controller to authorise the sub-response of the treatment.

The registration of the pension scheme is a lawful treatment. It is not mandatory to report access to the data of the management and depository entities of the plan, since they have the status of processors.

The access and obtaining of a copy, by the Personnel Board, of the documentation certifying the merits alleged by the people participating in a provision process does not comply with the data protection regulations, due to the which should limit the query to the identity of the people who have obtained a job and the scores obtained in the different merits assessed.

The claimant requested an entity, by exercising the right of access, to hand over a copy of the document that another public entity had sent him, accrediting in the workplace his status as a victim of gender violence, as well as the original document. The claim is partially estimated as the claimant entity extemporarily resolved the request for access to the copy of the requested document, and is dismissed as regards the request for the submission of the original document, since the right of access provided for in Article 15 of the RGPD does not include the delivery of the original document, but only access to those personal data and to the copying of those data, as well as the right to copy them.

The claimant asked a Foundation, by exercising the right to data portability, to submit an original document that had been sent to it by another public body, accrediting in the workplace his status as a victim of gender violence. The claim was dismissed, as: (1) the right to portability does not include the delivery of the original document, but of the data in a structured, common-use and mechanical readership format; (2) the person concerned had not been the person who submitted this data to the claimed entity; and (3) the right to portability does not apply to the treatment needed to fulfil a mission performed in the public interest or in the exercise of public powers conferred to the responsible.

The City Council is admonished as being responsible for an infringement by violation of the principle of confidentiality, for having sent an uncopyed mail to workers in the local police force, identifying them with first and last name and e-mail address, revealing those who had not yet made the training session of prevention for the covid-19, and who as a result were listed on a "morious" people's stock exchange.

The regulations for the protection of personal data do not prevent the access of the person claiming the merely identifying data of the persons who have communicated to the contracted consulting company the information necessary for the assessment of City Council jobs, as well as to the different proposals of organigram or the RLT of the City council.