The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
341 results were found for your search terms Lawfulness principle
Principle Request
IP 500/2021
The file of the complaint is agreed, since a rail agent, when detecting an infringement by tram users, can collect from the traveller the data relating to his or her DNI number, in order to extend a minimum perception bulletin. This is a lawful treatment, provided for in the rail regulations, which grants the status of agents of the authority to railway operators (Railway Law 4/2006).
02/02/2023
One school applied for the COVID-19 vaccination certificate of underage pupils.
IP 352/2021
Una madre denunció que la escuela había pedido que el primer día del curso escolar 2021-2022 aportaran el certificado de vacunación de covid-19 de su hijo menor de edad (de 12 años o más); que el dedo certificado también se pedía al personal de la escuela, y que la escuela tenía acceso a la aplicación informática Traçacovid. La denuncia se archiva porque, si bien se cierto que inicialmente la escuela se lo pidió, antes de iniciar el curso escolar comunicó a las madres y padres de alumnos que no lo aportaran (en base a una modificación de última hora del Plan de actuación para el curso 2021‐2022 para centros educativos en el marco de la pandemia); por otro lado, también se archiva porque no hay constancia que la escuela hubiera recogido ningún certificado de vacunación, y que la escuela negó tanto que requiriera el certificado a su personal, como haber accedido a la Traçacovid, y tampoco constan indicios. Además de los motivos de archivo, se concluye que el tratamiento de datos de salud por parte de los centros educativos por motivo de la gestión de los casos positivos de covid-19, estaría amparada por los 6.1.e) y 9.2.g) y y) del RGPD.
25/01/2023
Publish known data.
IP 268/2021
The complaint is archived, since the only personal data contained in the document published by the municipal government councillor through the Facebook wall on neighbourhood issues was the name and surname of the complainant as representative of a municipality entity. Information that the people’s neighbours, users of that social network, knew. In addition, this same information was accessible via the Internet, where it is published that the complainant is the president of that entity.
17/01/2023
Translate from a resolution (decree) that resolves a complaint of harassment to the president of the trade union to whom the harassing person belongs.
PS 67/2022
The principle of application is imposed. The transfer of the resolution involved communicating the identity of persons who were allegedly harassed and harassed; and, furthermore, some health data of the person who was harassed to the president of the trade union. Article 5.1.a) and 6.1 GDPR are being violated, as there is no legal basis for legitimisation. Furthermore, with regard to the communication of health data, Article 9.2 GDPR is also infringed.
17/01/2023
Published list of permanently vacated buildings.
PS 66/2022
A city council published in several official newspapers and on the municipal website, a notice notice of a mayoral decree to a plurality of people, containing a list of 381 buildings that the city council initially considered permanently unemployed, and identifying with the cadastral reference and exact address of each property, along with the full number of the DNI of the corresponding IBI passive persons in each case. The Advice is sanctioned, as the person responsible for the very serious infringement due to violation of the principle of application, for having made the publication without the concurrence of any legal basis. The publication of the real estate address along with the other published data (ref. cadastral and No. DNI) is considered excessive for the intended purpose (notification of the act), but the corresponding infringement, referring to the violation of the minimization principle, is subsumed in the infringement of the principle of application.
17/01/2023
High school 4rt students DNI send to all parents.
PS 63/2022
Infringement of the principle of application is required due to lack of legal basis in Article 6.1 GDPR. The Institute sent a statement with an attached document, to all parents, informing students of the optional subjects they will take, identified with the DNI number, and in order to purchase the school material. The DNI number is personal data, despite being treated in isolation.
03/01/2023
Identification of the person denouncing by an agent of the urban guard of Lleida.
IP 331/2021
The complainant complained about the fact that certain GU agents asked him to identify, without this action - according to the complainant - being enabled by any rule. However, the police report provided by the City Council, signed by three agents, describes the events that occurred and justifies identification for the prevention of a major conflict on the road. In this respect, it should be concluded that the processing was necessary for the exercise of public powers conferred on the controller (art. 6.1 e) GDPR) in accordance with the Organic Law for the Protection of Citizen Safety, and therefore the file of the complaint proceeds. The complainant also complained that the Lleida City Council has a register of social activists. However, in the absence of sufficient indications, and given that the accused entity has denied these facts, his file is proceeded.
03/01/2023
Communication to the occupational risk prevention services of a private company, of people who did not have the full pattern of vaccination against COVID-19.
IP 267/2021
The Public Health Agency of Catalonia communicated to the Labour Risk Prevention Services of the Catalan company in which it provides services denouncing the list of staff who did not have the complete pattern of vaccination against COVID-19. This communication was carried out within the framework of a vaccination campaign by the Health Department. In this respect, the communication in question does not contravene data protection regulations, insofar as both occupational risk prevention regulations and public health regulations empower health authorities to establish mechanisms for collaboration with the occupational risk prevention services of private companies.
29/12/2022
Installation of video surveillance cameras in the classrooms of municipal kindergartens
CNS 37/2022
The installation of a video surveillance system inside the classrooms of municipal kindergartens could be proportionate in the face of reasonable indications of the possible commission of a serious illegal act by a person working any of the children, exceptionally and for a limited time, and provided that information is provided in accordance with article 89 of the LOPDGDD. The person in charge, however, would not have sufficient legitimacy to install this system so that parents and/or legal guardians can view live images of the activities carried out by their children.
22/12/2022
- SECTORIAL AREA
- Education
- PERSONAL DATA
- Child data
- Employees' data
- Image
- FUNDAMENTAL RIGHTS
- Rights of honour, privacy and self-image
- HABEAS DATA RIGHTS
- Right of information
- ENTITIES
- Public administration
- Local administration
- Council
- OBLIGATIONS
- Impact assessment
- PRINCIPLES
- Lawfulness principle
- Consent
- In the public interest or in the exercise of official authority
- Data minimization principle
- VIDEO SURVEILLANCE
Lictude
PS 80/2022
A municipal group posted on their Facebook page a statement calling for the resignation of a councillor, echoing the existence of a sentence relating to a faulty trial in which he was convicted for events that occurred 12 years before the date of publication of that statement. Vulneration of the principle of Licitude.
20/12/2022
Total number of pages: 35