The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
184 results were found for your search terms Consent
Violation of the principle of legality derived from the failure to adopt appropriate measures.
PS 14/2024
The medical history of the reported foundation is configured in such a way that, by design and by default, the foundation's own and external doctors can access it, through the foundation's information systems. This fact caused an external doctor who treated the reporting person within the framework of private healthcare to access his medical history, without his explicit consent or any other legal basis that legitimized this treatment. In this case, the violation of the duty of data protection by design and by default is not imputed, since there is an ideal competition of infringements and only the most serious infringement is imputed; that is, the violation of the principle of legality (qualified as very serious). Nor is the violation of the principle of purpose limitation imputed, because it is subsumed in the infringement relating to the principle of legality.
05/07/2024
Collection of data without fulfilling the duty of information, and processing for unlawful purposes.
PS 52/2022
The right to information of the users of the entity, due to lack of documentary accreditation at the time of collection (Articles 12, 13, and 14 GDPR); and due to violation of the principle of application, due to the improper use of the data, which consists of subjective and negative comments on a group of members who wish to submit their candidature.
02/03/2023
Installation of video surveillance cameras in the classrooms of municipal kindergartens
CNS 37/2022
The installation of a video surveillance system inside the classrooms of municipal kindergartens could be proportionate in the face of reasonable indications of the possible commission of a serious illegal act by a person working any of the children, exceptionally and for a limited time, and provided that information is provided in accordance with article 89 of the LOPDGDD. The person in charge, however, would not have sufficient legitimacy to install this system so that parents and/or legal guardians can view live images of the activities carried out by their children.
22/12/2022
- SECTORIAL AREA
- Education
- PERSONAL DATA
- Child data
- Employees' data
- Image
- FUNDAMENTAL RIGHTS
- Rights of honour, privacy and self-image
- HABEAS DATA RIGHTS
- Right of information
- ENTITIES
- Public administration
- Local administration
- Council
- OBLIGATIONS
- Impact assessment
- PRINCIPLES
- Lawfulness principle
- Consent
- In the public interest or in the exercise of official authority
- Data minimization principle
- VIDEO SURVEILLANCE
Internet publication of the minutes of the Plenum of the City Council and the municipal godfather of inhabitants
CNS 34/2022
Personal data protection regulations do not prevent the dissemination of information relating to deceased persons. The minutes of the plenary sessions, with regard to the acts discussed, must be published in the electronic headquarters of the City Council without including specially protected data categories, or affecting honour or privacy or requiring special protection. In this case, the consent of those concerned should be made available so that the minutes can be disseminated, or the information anonymized should be disseminated. After 30 years, the provisions of Article 36 of Law 10/2001 may come into play. There is no legal basis for the dissemination, with a general scope, of the information contained in the municipal godparents of inhabitants on the city council website, without prejudice to the dissemination of the anonymized information of the godfather.
02/12/2022
Legitimation for the treatment of the name meaning in relation to certain groups
CNS 30/2022
Since the regulation urges the Public Administration to facilitate the use of the "sense name" by trans persons (art. 23.1 Law 11/2014), the processing of this data is not excessive for the purposes of the principle of minimisation, and may be lawful if carried out on the legal basis of the consent of the person concerned. Treatment of the "sense name", as identifying data relating to a natural person's gender identity or expression, does not, in principle, involve processing data from special categories. The identification information of the person concerned must also be dealt with in official documents (DNI/NIE or passport), in order to ensure the identification and, among other things, the principle of the accuracy of the information and its traceability.
10/11/2022
Communication of pseudonymized patient data in the pharmaceutical laboratory providing medication
CNS 28/2022
The hospital could communicate pseudonymized data relating to the health of patients treated with medicines for compassionate use in the pharmaceutical laboratory that facilitates the drug for clinical research purposes (Article 9.2.j) GDPR and paragraph 2.d) of DA 17a LOPDGDD) on the basis of the legitimate interest pursued by the laboratory.
02/11/2022
Report in relation to the Draft order regulating the membership of entities in the Enterprise Network
PD 14/2022
13/10/2022
Presence on a medical visit of a trained medical student.
IP 44/2021
Access to health data by a trained medical student - insofar as she is present at a medical visit - is in line with data protection regulations and also with health regulations from the moment the patient is informed of their presence and the patient gives verbal consent.
29/09/2022
Implementation of a register for civil protection actions in emergency situations
CNS 22/2022
The City Council could create a register of the residents of the municipality who, given the concurrence of certain circumstances, would require a quick action by the civil protection forces in emergency situations. The use of data from the Register for this purpose would be compatible, but the incorporation of information relating to people's health would require their explicit consent.
08/09/2022
- SECTORIAL AREA
- Municipal Population Register
- Civil protection
- PERSONAL DATA
- Sensitive data
- Health data
- ENTITIES
- Public administration
- Local administration
- Council
- OBLIGATIONS
- Impact assessment
- PRINCIPLES
- Purpose limitation principle
- Lawfulness principle
- Consent
- In the public interest or in the exercise of official authority
Personal mobile phone usage for sending SMS and Whatsapp by the Department at work.
IP 445/2021
File resolution dictated. The whistleblower complained that the department in which he worked sent him an SMS and a Whatsapp without him having authorized this treatment. RA is dictated on the basis of the consent and application of the treatment. The worker submitted two applications for compatibility with private activity on which the mobile phone was provided. After the period of suspension of his contract for very serious infringement, he asked for reinsertion in active service. In this context, he was sent an SMS notice notice of the resolution of the reinking request. And then, seeing that he had not rejoined the job, he was sent a whatsapp.
12/07/2022
Total number of pages: 19