Resolutions, opinions and reports search tool

The Human Resources unit of a City Council ended up accessing, through its Occupational Risk Prevention Service, information on whether one of its workers had been inoculated with the 2nd dose of covid19.

The complainant complained that Social Services would have provided her sister with information as part of a case for custody of minor children. It is dictated RA since the City Council acted in compliance with a mission of public interest, such as the protection of children, regulated by Law 12/2007, of Social Services. Specifically, as a risk situation had been detected, the complainant's sister was agreed to attend telephonely with the aim of exploiting the support that the family could offer and taking measures to reduce or eliminate the risk situation.

The councilors' access to personal data included in the Municipal Register of Inhabitants may be enabled when, taking into account the specific purposes of the Register, access is necessary and provided for the development of the control functions of the activities of the municipal corporation, or other functions that may be attributed to the councilor, in the terms provided for in the LRBRL. It is not justified for the councilor to access the municipal register of inhabitants to configure the electoral program of the municipal group in relation to the tax ordinances, to perform the relevant calculations, identifying the people who are registered there.

The City Council published the list of admitted and excluded persons with identification of accepted candidates (name and surnames) in accordance with the applicable regulations and during the indispensable period to satisfy the purpose of advertising and notification, no violation of the data protection regulations is seen.

The Foundation's communication to families and students aged over 14 years of information on activities of external entities may have sufficient legal basis in the legitimate interest (art. 6.1.f) GDPR), provided that it refers to activities or entities linked to or related to the nature of the Foundation's schools, and provided that the Foundation applies the specific guarantees set out in the V Legal Foundation of this opinion.

The transparency regulation lays down the minimum content to be disseminated in respect of the partnership agreements by limiting it, as regards personal data, to information on the name and surname of persons acting on behalf of the parties that sign them.

The data protection regulations do not prevent the claimant's access to the information relating to the authorizations for the exploitation of localized resources of the extractive activities that are requested, except for the data of the person who holds the representation of the legal entities to which authorizations or exploitation concessions were granted, if applicable, and the data of the engineers signing the demarcation plans contained in the resource exploitation concession titles.

The person claiming has the right to access the information contained in the file of the provision process in which he/she has participated, excluding documentation containing specially protected personal data, as well as those identifying or other data that are unnecessary to achieve the purpose pursued. It is not justified for the person making the claim to access the information relating to applicants who have obtained a final score lower than that of the person making the claim, except for that which has been the subject of publication in accordance with current regulations.

The municipal policy for the use of digital information systems and devices must cover clear rules on the management to be made of the personalised corporate email account, and on the access to the information contained in it, both for the purpose of ceasing the employment relationship and in the event of temporary absence of the worker. It must also include specific provisions regarding the proper use of information systems by its staff and the control that the City Council can make of them to ensure their safety and good functioning. With regard to requests for access to and copying of e-mails by ex-workers, the observations made in this opinion must be taken into account.

The complaint is filed about how a Hospital carried out the transfer of documentation from a trade union section to another room inside the hospital, since that transfer was carried out without jeopardising the protection of the personal data contained there, and the security measures taken to do so were appropriate to guarantee its safety and confidentiality.