ВАС - № 6759: Difference between revisions
(Created page with "{{COURTdecisionBOX |Jurisdiction=Bulgaria |Court-BG-Color= |Courtlogo=Courts_logo1.png |Court_Abbrevation=ВАС |Court_With_Country=ВАС (Bulgaria) |Case_Number_Name=№...") |
No edit summary |
||
| Line 65: | Line 65: | ||
=== Facts === | === Facts === | ||
On 11 April 2019 a complaint was filed with the Bulgarian Data Protection Authority (CPDP), regarding a letter that the complainant had received in relation to enforcement proceedings against her. The letter was addressed to her, her father, and the legal entity under which they were debtors, and contained their personal data, namely: names and phone numbers. Rather than being directly delivered to the complainant, the letter was delivered by the courier company (MiBM Express OOD) to a local shop keeper, who passed the letter on to the complainant. | |||
After opening an investigation into the incident, the CPDP issued a decision on 5 May 2020, in which it found that the courier, MiBM Express, had violated Article 32(4) of the GDPR. In particular, it had not taken the appropriate steps as a controller to ensure that its employees, acting under its authority, were prepared to work with personal data and had been trained in data protection, and would not share personal data with third parties. The CPDP also found a violation of the purpose limitation principle. As a result, it fined MiBM Express BGN 5,000, and ordered it to bring its processing operations into compliance with the GDPR. | |||
In | |||
MiBM Express appealed contested this decision at the Administrative Court of Sofia-city. It argued that in issuing its decision, the CPDP had violated procedural rules as established in the Bulgarian Personal Data Protection Act (PDPA). The judge in the case found that the contested decision had been imposed by a competent authority within the powers conferred to is under Article 38(1) and (3) PDPA. Moreover, the CPDP had correctly identified a violation of Article 32(4) and 5(1)(b) GDPR; and, the CDPD had correctly issued a corrective measure under Article 58(2)(b). then say why reuced. A court reduced it to BGN 1,500. | |||
In the present case, BGN appealed to say that the Court . Said the court didn't properly consider. and criminal code thing. | |||
=== Holding === | === Holding === | ||
In progress | In progress. essentially: the court did properly consider, and the criminal code thing not relevant. | ||
== Comment == | == Comment == | ||
Revision as of 14:19, 8 June 2021
| ВАС - № 6759 | |
|---|---|
 | |
| Court: | ВАС (Bulgaria) |
| Jurisdiction: | Bulgaria |
| Relevant Law: | Article 5(1)(b) GDPR Article 32(4) GDPR Article 58(2)(b) GDPR Article 83(2) GDPR Article 83(4)(b) GDPR Art. 208 Administrative Procedure Code (APC) Article 38(2) Personal Data Protection Act (PDPA) |
| Decided: | |
| Published: | 04.06.2021 |
| Parties: | MiBM Express OOD The Bulgarian Data Protection Authority (CPDP) |
| National Case Number/Name: | № 6759 |
| European Case Law Identifier: | |
| Appeal from: | Административен съд София-град (Administrative Court of Sofia-city) № 6270/2020 |
| Appeal to: | Unknown |
| Original Language(s): | Bulgarian |
| Original Source: | Върховния административен съд (in Bulgarian) |
| Initial Contributor: | n/a |
In progress
English Summary
Facts
On 11 April 2019 a complaint was filed with the Bulgarian Data Protection Authority (CPDP), regarding a letter that the complainant had received in relation to enforcement proceedings against her. The letter was addressed to her, her father, and the legal entity under which they were debtors, and contained their personal data, namely: names and phone numbers. Rather than being directly delivered to the complainant, the letter was delivered by the courier company (MiBM Express OOD) to a local shop keeper, who passed the letter on to the complainant.
After opening an investigation into the incident, the CPDP issued a decision on 5 May 2020, in which it found that the courier, MiBM Express, had violated Article 32(4) of the GDPR. In particular, it had not taken the appropriate steps as a controller to ensure that its employees, acting under its authority, were prepared to work with personal data and had been trained in data protection, and would not share personal data with third parties. The CPDP also found a violation of the purpose limitation principle. As a result, it fined MiBM Express BGN 5,000, and ordered it to bring its processing operations into compliance with the GDPR.
MiBM Express appealed contested this decision at the Administrative Court of Sofia-city. It argued that in issuing its decision, the CPDP had violated procedural rules as established in the Bulgarian Personal Data Protection Act (PDPA). The judge in the case found that the contested decision had been imposed by a competent authority within the powers conferred to is under Article 38(1) and (3) PDPA. Moreover, the CPDP had correctly identified a violation of Article 32(4) and 5(1)(b) GDPR; and, the CDPD had correctly issued a corrective measure under Article 58(2)(b). then say why reuced. A court reduced it to BGN 1,500.
In the present case, BGN appealed to say that the Court . Said the court didn't properly consider. and criminal code thing.
Holding
In progress. essentially: the court did properly consider, and the criminal code thing not relevant.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Bulgarian original. Please refer to the Bulgarian original for more details.
