UODO (Poland) - ZSZZS.440.768.2018: Difference between revisions
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
|Fine= 20.000 | |Fine= 20.000 | ||
|Currency= PLN | |Currency= PLN | ||
<!--Information about the applied law--> | |||
|GDPR_Article_1=Article 5(1)(c) GDPR | |||
|GDPR_Article_Link_1=Article 5 GDPR#1c | |||
|GDPR_Article_2=Article 9(1) GDPR | |||
|GDPR_Article_Link_2=Article 9 GDPR#1 | |||
|GDPR_Article_3=Article 58(2)(f) GDPR | |||
|GDPR_Article_Link_3=Article 58 GDPR#2f | |||
|GDPR_Article_4=Article 58(2)(g) GDPR | |||
|GDPR_Article_Link_4=Article 58 GDPR#2g | |||
|GDPR_Article_5=Article 58(2)(i) GDPR | |||
|GDPR_Article_Link_5=Article 58 GDPR#2i | |||
|GDPR_Article_6=Article 83(2) GDPR | |||
|GDPR_Article_Link_6=Article 83 GDPR#2 | |||
|GDPR_Article_7=Article 83(3) GDPR | |||
|GDPR_Article_Link_7=Article 83 GDPR#3 | |||
|GDPR_Article_8=Article 83(5)(a) GDPR | |||
|GDPR_Article_Link_8=Article 83 GDPR#5a | |||
|GDPR_Article_9=Article 83(7) GDPR | |||
|GDPR_Article_Link_9=Article 83 GDPR#7 | |||
|GDPR_Article_10= | |||
|GDPR_Article_Link_10= | |||
|GDPR_Article_11= | |||
|GDPR_Article_Link_11= | |||
|GDPR_Article_12= | |||
|GDPR_Article_Link_12= | |||
|GDPR_Article_13= | |||
|GDPR_Article_Link_13= | |||
|GDPR_Article_14= | |||
|GDPR_Article_Link_14= | |||
|GDPR_Article_15= | |||
|GDPR_Article_Link_15= | |||
|GDPR_Article_16= | |||
|GDPR_Article_Link_16= | |||
|GDPR_Article_17= | |||
|GDPR_Article_Link_17= | |||
|GDPR_Article_18= | |||
|GDPR_Article_Link_18= | |||
|GDPR_Article_19= | |||
|GDPR_Article_Link_19= | |||
|GDPR_Article_20= | |||
|GDPR_Article_Link_20= | |||
|Party_Link_1 =http://www.spisszkol.eu/typ/szkola-podstawowa/?wojewodztwo=pomorskie&powiat=gdansk | |Party_Link_1 =http://www.spisszkol.eu/typ/szkola-podstawowa/?wojewodztwo=pomorskie&powiat=gdansk | ||
|Party_Name_1 =Szkoła Podstawowa nr 2 w Gdańsku (Primary School in Gdańsk) | |Party_Name_1 =Szkoła Podstawowa nr 2 w Gdańsku (Primary School in Gdańsk) | ||
Revision as of 15:38, 9 March 2020
| UODO - ZSZZS.440.768.2018 | |
|---|---|
 | |
| Authority: | UODO (Poland) |
| Jurisdiction: | Poland |
| Relevant Law: | Article 5(1)(c) GDPR Article 9(1) GDPR Article 58(2)(f) GDPR Article 58(2)(g) GDPR Article 58(2)(i) GDPR Article 83(2) GDPR Article 83(3) GDPR Article 83(5)(a) GDPR Article 83(7) GDPR |
| Type: | Investigation |
| Outcome: | Violation found |
| Started: | |
| Decided: | 18. 2. 2020 |
| Published: | 5. 3. 2020 |
| Fine: | 20.000 PLN |
| Parties: | Szkoła Podstawowa nr 2 w Gdańsku (Primary School in Gdańsk) |
| National Case Number/Name: | ZSZZS.440.768.2018 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Polish |
| Original Source: | UODO (in PL) |
| Initial Contributor: | n/a |
President of the Personal Data Protection Office (pol. PUODO) imposed a fine of PLN 20.000 (€4.700) in connection with the breach consisting in the processing of biometric data of children when using the school canteen.
English Summary
Facts
The school processed special categories of data (biometric data) of 680 children without a legal basis, whereas in fact it could use other forms of students identification. (...) Following an ex officio administrative proceedings, the President of the UODO has established that the school is using a biometric reader at the entrance to the school canteen that identifies the children in order to verify the payment of the meal fee.
The proceedings has shown that the school obtains the data and processes them on the basis of the written consent of the parents or legal guardians. The solution has been in place since 1 April 2015. In the school year 2019/2020, 680 pupils use a biometric reader and four pupils - an alternative identification system.[1]
