Resolutions, opinions and reports search tool

From the perspective of data protection regulations, providing the information relating to the cases attended to the traffic units, aggregated by sex and age "year by year, and not by age ranges", offers sufficient guarantees to be able to an effective anonymization of the health data of the affected persons will be considered.

The Public Health Agency of Catalonia communicated to the Labour Risk Prevention Services of the Catalan company in which it provides services denouncing the list of staff who did not have the complete pattern of vaccination against COVID-19. This communication was carried out within the framework of a vaccination campaign by the Health Department. In this respect, the communication in question does not contravene data protection regulations, insofar as both occupational risk prevention regulations and public health regulations empower health authorities to establish mechanisms for collaboration with the occupational risk prevention services of private companies.

The installation of a video surveillance system inside the classrooms of municipal kindergartens could be proportionate in the face of reasonable indications of the possible commission of a serious illegal act by a person working any of the children, exceptionally and for a limited time, and provided that information is provided in accordance with article 89 of the LOPDGDD. The person in charge, however, would not have sufficient legitimacy to install this system so that parents and/or legal guardians can view live images of the activities carried out by their children.

The councilors' access to personal data included in the Municipal Register of Inhabitants may be enabled when, taking into account the specific purposes of the Register, access is necessary and provided for the development of the control functions of the activities of the municipal corporation, or other functions that may be attributed to the councilor, in the terms provided for in the LRBRL. It is not justified for the councilor to access the municipal register of inhabitants to configure the electoral program of the municipal group in relation to the tax ordinances, to perform the relevant calculations, identifying the people who are registered there.

The Foundation's communication to families and students aged over 14 years of information on activities of external entities may have sufficient legal basis in the legitimate interest (art. 6.1.f) GDPR), provided that it refers to activities or entities linked to or related to the nature of the Foundation's schools, and provided that the Foundation applies the specific guarantees set out in the V Legal Foundation of this opinion.

The municipal policy for the use of digital information systems and devices must cover clear rules on the management to be made of the personalised corporate email account, and on the access to the information contained in it, both for the purpose of ceasing the employment relationship and in the event of temporary absence of the worker. It must also include specific provisions regarding the proper use of information systems by its staff and the control that the City Council can make of them to ensure their safety and good functioning. With regard to requests for access to and copying of e-mails by ex-workers, the observations made in this opinion must be taken into account.

It resolves to dismiss the request of the holder because restricting access to the health data of the holder, to all administrative, IT and citizen management staff of the Health Department, who may need access to it in the performance of their duties, would seriously distort the functioning and organisation of the health system. Furthermore, to the extent that the claimant also intended that the Ministry should enforce its right of opposition "in a global way and not individually", in relation to data relating to his or her health, which is treated at all Hospitals of Catalonia and Primary Care Centers, it is decided to also dismiss this claim, insofar as the Ministry of Health is not responsible for all the treatments pointed out by the claimant.

Personal data protection regulations do not prevent the dissemination of information relating to deceased persons. The minutes of the plenary sessions, with regard to the acts discussed, must be published in the electronic headquarters of the City Council without including specially protected data categories, or affecting honour or privacy or requiring special protection. In this case, the consent of those concerned should be made available so that the minutes can be disseminated, or the information anonymized should be disseminated. After 30 years, the provisions of Article 36 of Law 10/2001 may come into play. There is no legal basis for the dissemination, with a general scope, of the information contained in the municipal godparents of inhabitants on the city council website, without prejudice to the dissemination of the anonymized information of the godfather.

A municipal watcher photographs a vehicle with which a traffic offence is allegedly committed, in which the image of the person sitting inside is shown.

It is decided to sanction Badalona Health Services for the infringement of the principle of confidentiality, since the complained entity has confirmed that a worker from Badalona Municipal Hospital, managed by Badalona Health Services S.A, would have unduly accessed a third person's clinical history. The proposed sanction is EUR 2 000.