AEPD (Spain) - PS/00367/2019: Difference between revisions
(Created page with "{{DPAdecisionBOX <!--Information about the DPA--> |Jurisdiction=Spain |DPA-BG-Color=#ffffff; |DPAlogo=logoES.jpg |DPA_Abbrevation=AEPD |DPA_With_Country=AEPD (Spain) <!--Inf...") |
m (Ar moved page AEPD - PS/00367/2019 to AEPD (Spain) - PS/00367/2019) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 9: | Line 9: | ||
<!--Information about the decision--> | <!--Information about the decision--> | ||
|Case_Number_Name=PS/ | |Case_Number_Name=PS/00367/2019 | ||
|ECLI=n/a | |ECLI=n/a | ||
|Original_Source_Name_1=AEPD | |Original_Source_Name_1=AEPD | ||
|Original_Source_Link_1=https://www.aepd.es/es/documento/ps- | |Original_Source_Link_1=https://www.aepd.es/es/documento/ps-00367-2019.pdf | ||
|Original_Source_Language_1=Spanish | |Original_Source_Language_1=Spanish | ||
|Original_Source_Language__Code_1=es | |Original_Source_Language__Code_1=es | ||
Line 35: | Line 35: | ||
|GDPR_Article_2=Article 83(5)(a) GDPR | |GDPR_Article_2=Article 83(5)(a) GDPR | ||
|GDPR_Article_Link_2=Article 83 GDPR#5a | |GDPR_Article_Link_2=Article 83 GDPR#5a | ||
|GDPR_Article_3= | |GDPR_Article_3=Article 58(2) GDPR | ||
|GDPR_Article_Link_3= | |GDPR_Article_Link_3=Article 83 GDPR#5a | ||
|GDPR_Article_4= | |GDPR_Article_4= | ||
|GDPR_Article_Link_4= | |GDPR_Article_Link_4= | ||
Line 72: | Line 72: | ||
|GDPR_Article_Link_20= | |GDPR_Article_Link_20= | ||
|Party_Name_1=Anoymous Vs. | |Party_Name_1=Anoymous Vs. ESPAÑA(Spanish far-right political party. | ||
|Party_Link_1= | |Party_Link_1= | ||
|Party_Name_2= | |Party_Name_2= | ||
Line 82: | Line 82: | ||
|Party_Name_5= | |Party_Name_5= | ||
|Party_Link_5= | |Party_Link_5= | ||
}} | |||
The AEPD issued a reprimand to the Spanish far-right political party VOX. The data controller had sent an email without blind copying, to the members of that political party, infringing Article 5(1)(f) GDPR (integrity and confidentiality principle). | |||
The | |||
==English Summary== | ==English Summary== | ||
===Facts=== | ===Facts=== | ||
The AEPD examined a complaint submitted against the political party VOX. The data controller had sent an email without blind copying, to the affiliates of the said political party. Following the filing of the complaint, the data controller acknowledged the facts and implemented the necessary security measures. | |||
===Dispute=== | ===Dispute=== | ||
Is the unintentionality and the adoption of measures to remedy the infringing conduct relevant for the fine reduction? | |||
===Holding=== | ===Holding=== | ||
The AEPD ruled that the sending of email without Bcc: the email recipients constituted a violation of the principle of integrity and confidentiality (Article 5(1)(f) GDPR) | The AEPD ruled that the sending of email without Bcc: the email recipients constituted a violation of the principle of integrity and confidentiality (Article 5(1)(f) GDPR). Regarding the fining, the authority decided to issue a warning sanction instead of a fine, although the sanction is still mentionning that the infringement at stake is subject to a fine according to Article 83.5 GDPR, in the lights of Recital (148) GDPR. | ||
==Comment== | ==Comment== |
Latest revision as of 14:32, 13 December 2023
AEPD - PS/00367/2019 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 5(1)(f) GDPR Article 83(5)(a) GDPR Article 58(2) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | n/a |
Published: | 21. 2.2020 |
Fine: | 2.500 € |
Parties: | Anoymous Vs. ESPAÑA(Spanish far-right political party. |
National Case Number/Name: | PS/00367/2019 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Spanish |
Original Source: | AEPD (in es) |
Initial Contributor: | n/a |
The AEPD issued a reprimand to the Spanish far-right political party VOX. The data controller had sent an email without blind copying, to the members of that political party, infringing Article 5(1)(f) GDPR (integrity and confidentiality principle).
English Summary
Facts
The AEPD examined a complaint submitted against the political party VOX. The data controller had sent an email without blind copying, to the affiliates of the said political party. Following the filing of the complaint, the data controller acknowledged the facts and implemented the necessary security measures.
Dispute
Is the unintentionality and the adoption of measures to remedy the infringing conduct relevant for the fine reduction?
Holding
The AEPD ruled that the sending of email without Bcc: the email recipients constituted a violation of the principle of integrity and confidentiality (Article 5(1)(f) GDPR). Regarding the fining, the authority decided to issue a warning sanction instead of a fine, although the sanction is still mentionning that the infringement at stake is subject to a fine according to Article 83.5 GDPR, in the lights of Recital (148) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the **Spanish** original. Please refer to the **Spanish** original for more details.
to be completed