Commissioner (Cyprus) - 11.17.001.007.125: Difference between revisions
m (Panayotis.Yannakas moved page Comissioner - 11.17.001.007.125 to Commissioner - 11.17.001.007.125) |
m (Typo) |
||
Line 4: | Line 4: | ||
|DPA-BG-Color=background-color:#ffffff; | |DPA-BG-Color=background-color:#ffffff; | ||
|DPAlogo=LogoCY.jpg | |DPAlogo=LogoCY.jpg | ||
|DPA_Abbrevation= | |DPA_Abbrevation=Commissioner | ||
|DPA_With_Country= | |DPA_With_Country=Commissioner (Cyprus) | ||
|Case_Number_Name=11.17.001.007.125 | |Case_Number_Name=11.17.001.007.125 | ||
|ECLI= | |ECLI= | ||
|Original_Source_Name_1= | |Original_Source_Name_1=Commissioner (Cyprus) | ||
|Original_Source_Link_1=http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/D9EDB20F259B7F76C2258596003B9748/$file/Decision%20-%20Gaijin%20network%2004-2019.pdf | |Original_Source_Link_1=http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/D9EDB20F259B7F76C2258596003B9748/$file/Decision%20-%20Gaijin%20network%2004-2019.pdf | ||
|Original_Source_Language_1=Greek | |Original_Source_Language_1=Greek |
Revision as of 07:11, 6 November 2020
Commissioner - 11.17.001.007.125 | |
---|---|
Authority: | Commissioner (Cyprus) |
Jurisdiction: | Cyprus |
Relevant Law: | Article 12(2) GDPR Article 12(6) GDPR Article 17 GDPR Article 58(2)(d) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 02.06.2020 |
Published: | |
Fine: | None |
Parties: | GAIJIN NETWORK LTD |
National Case Number/Name: | 11.17.001.007.125 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Greek |
Original Source: | Commissioner (Cyprus) (in EL) |
Initial Contributor: | n/a |
The Cypriot Comissioner ordered video game company to bring its processing operations into compliance with Article 12(2) GDPR as it found they should implement additional modalities to facilitate data subjects' rights and enable the latter to justify their identity according to Article 12(6) GDPR.
English Summary
Facts
A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request.
Dispute
Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful?
Holding
The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
Please see the original decision which is already in English.