Resolutions, opinions and reports search tool

With regard to the request for access to information on the list of workers, from 1 January 2020 until the present, by years, indicating names and surnames, workplace and equipment where the activity is carried out, number of morning and afternoon days held in person and at a distance, and whether or not tickets have been paid in restaurants, it is justified only if this information is provided without identification by workplace and equipment where it performs its activity and replacing the name and surnames of workers with a code that does not allow them to be identified.

The entity gave an incomplete response to the claimant, which only referred to the deletion of any data contained in his or her clinical history, without referring to the claimant's statements about the existence of incorrect data in a medical report.

In view of the rules governing Equality Plans in companies, it can be said that the members of the Committee of Workers of the entity that are part of the negotiating Commission for the Equality Plan must be able to access information from the Tax Register, which must be in accordance with the terms of Article 28.2 of the ET, despite having professional categories with a small number of workers, while remaining those obliged to respect the confidentiality of this information.

The entity must answer clearly and precisely whether the personal data of the complainant has been transferred to third parties or not, and if so, identify the recipients of the personal data. The entity must inform the complainant of the specific reasons why it is decided not to follow up one of the requests made by the complainant.

Data protection regulations do not prevent the claimant from accessing information relating to legal entities or reports that do not contain personal information. Nor does it prevent access to the merely identifying information of the compliance officer and the external lawyers who wrote the reports. However, with respect to the information relating to the persons allegedly responsible, the reporting person and, where appropriate, witnesses, must be provided anonymously. And to the extent that effective anonymization is not possible, access must be facilitated through a summary of the actions taken, so that the physical persons affected are not identifiable.

The complainant complains that several of his data are entered in a report on his care issued during the emergency transport health service, which he considers to be wrong.

The treatment of driving staff's health data or functions related to the traffic safety of rail transport services to detect, by the company, alcohol or drug consumption, at the start or during working time, is enabled in Articles 6.1.c) and 9.2.h of the GPD in relation to rail legislation. In the case of personnel who carry out these duties in the transport services of the bus or cable network, the data protection regulations do not prevent regular controls on the consumption of the aforementioned substances, when it is established, justifiably, by the occupational risk prevention service, insofar as it may constitute a risk for third parties.

The communication of anonymized information from the Municipal Register to a public company for the development of a predictive tool in the field of social services would not require a legal basis to legitimize it, as the legislation does not apply in these cases of data protection. However, it is necessary to ensure that the anonymization process applied guarantees that the physical persons affected cannot be identified by third parties without disproportionate efforts, as well as to assess the risks of any subsequent re-identification of these persons and, where appropriate, adopt the appropriate measures to mitigate it.

The claimant can access to the information related to the number of the titular persons or authorized to making use of the credit cards linked to the entity, which it is the charge that they occupy, and a copy of the bank extracts between the years 2010 and 2020 that one of the figures of the number of card includes that they allow to identify it and a description of the concepts of expense that allows to categorize them (restoration, transport, stays...) and to set them in a context (emitter of the charge and date), but to facilitate another information avoiding that it can allow to know aspects linked in a more intense way to the private life like habits, models of behavior etc. On the other hand, once the information that is ordered has been attended to, it does not seem that there has to be impediment on giving access to the claimant to the identification of the person responsible for the accounting and taxation of the entity.