Resolutions, opinions and reports search tool

The data protection regulations do not prevent the councilor's access to information on the registrations and deregistrations of the Register that occurred in the specified period, including the date of registration or deregistration, without, in view of what is set out in the query, it is justified to include the name and surname, or the ID number or the address of the registered persons, or any other data that allows the information to be linked to identified or identifiable persons. As for the councilors of the government team, they can be identified with their first and last names indicating the date on which they were appointed or dismissed, but it would not be in line with data protection regulations to provide 'access to coexistence certificates.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

The city council sent an email to all municipal workers reporting a link that allowed them to access the content of all the resting resources that had been filed against the LST approval agreement, without the prior anonymization of the personal data contained there. In relation to these facts, the City Council did not notify the security violation in the Apdcat.

The complaint is archived, since the only personal data contained in the document published by the municipal government councillor through the Facebook wall on neighbourhood issues was the name and surname of the complainant as representative of a municipality entity. Information that the people’s neighbours, users of that social network, knew. In addition, this same information was accessible via the Internet, where it is published that the complainant is the president of that entity.

It resolves to admonise the City Council since for an unspecified period, which at least covers the months of November 2020 until January 2021, it did not have a risk analysis of the personal data it processed, nor had it implemented all the security and technical measures, in accordance with the National Security Scheme, as required by Article 32 GDPR, in relation to the recording of telephone calls maintained by the local police. On the other hand, the dissemination by a local police officer to other agents of the body, of the content of a telephone conversation held by the complainant with a Medical Emergencies Service worker, contravened the principle of confidentiality.

The principle of application is imposed. The transfer of the resolution involved communicating the identity of persons who were allegedly harassed and harassed; and, furthermore, some health data of the person who was harassed to the president of the trade union. Article 5.1.a) and 6.1 GDPR are being violated, as there is no legal basis for legitimisation. Furthermore, with regard to the communication of health data, Article 9.2 GDPR is also infringed.

A city council published in several official newspapers and on the municipal website, a notice notice of a mayoral decree to a plurality of people, containing a list of 381 buildings that the city council initially considered permanently unemployed, and identifying with the cadastral reference and exact address of each property, along with the full number of the DNI of the corresponding IBI passive persons in each case. The Advice is sanctioned, as the person responsible for the very serious infringement due to violation of the principle of application, for having made the publication without the concurrence of any legal basis. The publication of the real estate address along with the other published data (ref. cadastral and No. DNI) is considered excessive for the intended purpose (notification of the act), but the corresponding infringement, referring to the violation of the minimization principle, is subsumed in the infringement of the principle of application.

It states that the DGP, in relation to the part of the claimant's application that refers to the exercise of the right of access to the data contained in the SIP PF file, has not, in time, complied with the right exercised, without going into other considerations regarding the substance as regards access to the data contained in the SIP PF file, since, through the resolution of the DGP, it has been decided to provide its data; and it is partially estimated that the claim regarding the part of the claimant's application referring to the exercise of the right of access to the data contained in the SIP PFMEN file, has been made due to the disregard of the right of access to that data.

It states that the Directorate-General of the Police, in relation to the part of the application of the complainant referring to the exercise of the right of access to the data contained in the SIP PF file, has not, in time, complied with the right exercised, without going into other considerations with regard to the substance, since the GPS has decided to facilitate access to its data. The claim regarding the part of the claimant's application referring to the exercise of the right of access to the data contained in the SIP PFMEN file is partially considered, due to the disregard of the right of access to the said data.

From the perspective of data protection regulations, providing the information relating to the cases attended to the traffic units, aggregated by sex and age "year by year, and not by age ranges", offers sufficient guarantees to be able to an effective anonymization of the health data of the affected persons will be considered.