Resolutions, opinions and reports search tool

The treatment carried out by the denounced municipal group is lawful because the information disseminated on their social networks, pursuant to Article 6.1 f) GDPR - about the satisfaction of legitimate interests, as is freedom of information - had been previously published in the Transparency Portal of the City Council in compliance with Article 57.1 LTC. Furthermore, it should be borne in mind that, although the complainant also complained about the fact that not all the content of his curriculum is published, but only certain extracts are published, this does not represent a violation of the principle of accuracy of the data, insofar as the published information was current and truthful.

The data protection regulations do not prevent the person making the claim from providing the service extension file corresponding to the person occupying the position of Intervention, omitting the information that contains special categories of data, specifically the person's health data affected.

The entity formulating the query can communicate the first and last names and the position or category of the workers referred to in the query (of station agents, auditors, machinists and staff of own offices who provide their services in the stations, trains and facilities, in a labor regime) at the request of people using the service who have submitted a claim against them. This communication would be authorized in article 6.1.c) RGPD in relation to the LTC. In the case of groups that require protection for security reasons, the communication should only include the professional identification number. The entity should inform the affected person that their data has been requested by a user before providing them with the information so that, if applicable, they can allege the personal circumstances on which the request is based their opposition to access. This, unless he had previously been informed about the possibility of these transfers, in accordance with the provisions of article 70.4 RLTC.

The data protection representative of a town hall requests that the Authority issue an opinion on the legal feasibility and legitimacy of recording images of people at sea for the development of a software and subsequently to implement a system consisting in the real-time capture of images of the beaches (without recording) with the purpose of serving as support in maritime rescue tasks. Current regulations do not give the City Council sufficient authority to implement video surveillance systems that involve the capture of images of identifiable physical persons in the bathing areas of the beaches for the purpose set out in the consultation.

Article 12 on the transparency of information is impotently violated by the publication of DPD contact data that did not correspond to the data of the person who actually performed those functions. This meant that the whistleblower could not have the information that the City Council was obliged to provide, constituting a breach provided for in Article 83.5.b.) GDPR in relation to article 74.a LOPDGDD, 'the incompliance of the principle of the transparence of informationn'.

The deletion does not apply when none of the circumstances provided for in Article 17.1 of the RGPD exist. Likewise, when treatment is necessary for compliance with a legal obligation (art. 17.3.b GDPR) or for defense of claims (art. 17.3.e GDPR), it is not appropriate to suppress it.

The PDB resolution estimating the request for the deletion of the personal data contained in the claimant's SIP file is declared extemporaneous, without going into any other considerations regarding the background since the PDB has resolved to delete its personal data and the PDB is required to prove that it has notified the estimation resolution to the claimant.

The response of the PDB is declared to be extemporaneous, where it is reported that the deletion of the data requested by the claimant has been made effective. The claim of guardianship made by the claimant against the GDPR is dismissed.

Infraction of security measures within the framework of an internal audit conducted by the Foundation: 1) in the process of assigning new passwords, it was not guaranteed that credentials were under the exclusive control of users, as in the first entry the system did not force change by the user. 2) This also meant that it could not be guaranteed to know in an undoubted way what, who and when he performed a certain amount of work in the computer system. This lack of security was particularly apparent when auditors created new "ex novo" credentials for the system technician, and with these new credentials they accessed their work team in order to avoid risks in the system.