Resolutions, opinions and reports search tool

In accordance with the rules on the protection of personal data, the access of the claimant to the full content of the requested files is not justified, given the nature of the personal information of the files and the persons affected. This is without prejudice to the provision of anonymised or pseudonymized information which allows the calculations made in each case to be verified and verified, without allowing the identification or re-identification of the persons affected.

The requirement of the COVID certificate in the terms set out and which have been authorized by the Superior Court of Justice of Catalonia, cannot be considered contrary to the regulations for the protection of personal data. Likewise, when this certificate is required, the requirement to show the front of the DNI for the purposes of verifying identity is compatible and provided in accordance with personal data protection regulations.

The City Council did not carry out a risk analysis to determine the security measures applicable to ensure the security of personal data linked to 12,500 audited SIP queries, the effects of verifying whether they had been performed in the exercise of the functions entrusted to two officers of the Urban Guard.The effect was to verify whether they had been performed in the performance of reports with data of third persons; the actions performed by the head of the GU while on leave; the communication of the incoation of disciplinary files to the SIP; the communication of the incoation of disciplinary files to the trade union representatives; the request of the auditing of SIP accesses; and the encryption of the mail through which the audit of SIP access was requested.

The regulations for the protection of personal data and, consequently, the limits provided for in Articles 23 and 24 of the LTC apply to any personal data held by the City Council, regardless of whether it is part of an administrative file or not. The right of access recognized in the data protection regulations, includes the right to be informed as to whether their personal data are being processed and, if so, to receive information on the aspects referred to in article 15 of the RGPD (the purposes, the categories of data, the recipients to whom they will be communicated, the expected period of retention of the data, the rights relating to the protection of their data which may be exercised, where appropriate the origin of the data, the existence of automated decisions and guarantees in the event of international transfers) and, where appropriate, the right to obtain a copy. This information must be omitted from the notes that the professional staff has made in the file, the disclosure of which may be detrimental to the attention of the person using the service or any other data that may adversely affect the rights and freedoms of 'others, or any of the limits established from the provisions of Article 23 RGPD.

From the point of view of data protection regulations, information on the dates of affiliation and termination of affiliation may be provided, but access to information on the reasons for termination of affiliation should be denied. legation of the lawyers referred to in the claim.

Data protection regulations do not prevent access to information relating to visits by persons belonging to interest groups, nor to information on visits directly related to the public activity of the Administration. Information on visits by persons acting on behalf of and on behalf of legal persons, for purposes other than those of the stakeholders' own actions, may be provided by omitting the identity of the specific person representing them, unless consent is given. express of the persons affected or in the case of data made manifestly public by such persons. The data protection regulations would not allow the general communication of the identity of third parties who act in their own name and who visit the Department's offices. Without prejudice to the obligation of transparency regarding the public agendas of senior officials or management and similar staff in the sub-directorate-general, it also does not seem justified to provide widespread access to the identity of each and every public employee who receives visits.

From the point of view of data protection regulations, the person claiming the applications of the claimed CAP files relating to the estates of his property to which the claim refers can be provided, excluding the relative information. on plots declared to be owned by third parties. Information may also be provided on the overall amount of aid granted in respect of such declarations and, if available, the amount corresponding to the declared estates owned by the claimant.

With regard to the positions of trust and the eventual staff of the City Council, given the typology and characteristics of these positions, it is justified from the perspective of data protection, to provide individualized information for the remuneration concepts referred to by the claimant. , together with their identification, level and position they hold. As for the rest of the City Council's employees (staff and civil servants), the data protection regulations do not prevent the provision of information on the basic and complementary remuneration of each job, without identifying the people who occupy.

The ICS' response is extemporaneous for not having responded within the legally established deadline, without any demands being made when the substance is concerned or other considerations being made.

It has not been proven that the nursing staff of the entity, nor any faculty staff, have unduly accessed the clinical history of the complainant. Furthermore, the use of the contact data of the person concerned with the aim of quoting them for a medical assessment in the processing of a temporary disability is considered to be a regulatory treatment, as it is necessary for the fulfilment of a mission carried out in the public interest.