AEPD (Spain) - E/05270/2018 – E/08416/2018: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Spain |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoES.jpg |DPA_Abbrevation=AEPD (Spain) |DPA_With_Country=AEPD (Spain) |Case_Number_Na...") |
(Such a weird case, wish the Irish DPA did their job better and that we'd know how this happened! The summary was good overall and covered the key facts well, so I only changed some small grammar things and the short summary for the newsletter. Please do use gender neutral pronouns in the future though ('they/them/their'), even if the decision uses 'he' or 'she' :)) |
||
Line 52: | Line 52: | ||
}} | }} | ||
The Spanish DPA forwarded a complaint by a data subject regarding a public Facebook page that was created without their consent and disclosed their personal data (name, surname, address) to the Irish DPA. When they tried to delete it, the company requested that they prove their identity by providing even more personal data. | |||
== English Summary == | == English Summary == | ||
=== Facts === | === Facts === | ||
A data subject complained because Facebook had opened a public page | A data subject complained because Facebook had opened a public page disclosing their name, surname and address without their consent. | ||
=== Holding === | === Holding === | ||
Line 63: | Line 63: | ||
== Comment == | == Comment == | ||
The decision from the Spanish DPA does not explain whether (i) there was any investigation by the Irish DPA on why the page had been opened in the first place, and (ii) how Facebook had access to the data of the complainant. | |||
== Further Resources == | == Further Resources == |
Revision as of 08:58, 10 November 2021
AEPD (Spain) - E/05270/2018 – E/08416/2018 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 6 GDPR Article 17 GDPR Article 56 GDPR |
Type: | Complaint |
Outcome: | Other Outcome |
Started: | |
Decided: | |
Published: | |
Fine: | None |
Parties: | |
National Case Number/Name: | E/05270/2018 – E/08416/2018 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Spanish |
Original Source: | AEPD (in ES) |
Initial Contributor: | n/a |
The Spanish DPA forwarded a complaint by a data subject regarding a public Facebook page that was created without their consent and disclosed their personal data (name, surname, address) to the Irish DPA. When they tried to delete it, the company requested that they prove their identity by providing even more personal data.
English Summary
Facts
A data subject complained because Facebook had opened a public page disclosing their name, surname and address without their consent.
Holding
The Spanish DPA forwarded the complaint to the Irish DPA as the main establishment of Facebook in Europe is in Ireland. The Irish DPC forwarded the complaint to Facebook and mediated to find an amicable solution by which Facebook accepted to delete the account opened on behalf of the complainant. The decision was communicated to the Spanish DPA that forwarded it to the complainant.
Comment
The decision from the Spanish DPA does not explain whether (i) there was any investigation by the Irish DPA on why the page had been opened in the first place, and (ii) how Facebook had access to the data of the complainant.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.