IP - 0610-376/2020/35

From GDPRhub
Revision as of 12:27, 15 April 2021 by GDPR+ (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Slovenia |DPA-BG-Color= |DPAlogo=LogoSI.png |DPA_Abbrevation=IP |DPA_With_Country=IP (Slovenia) |Case_Number_Name=0610-376/2020/35 |ECLI= |Or...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
IP - 0610-376/2020/35
LogoSI.png
Authority: IP (Slovenia)
Jurisdiction: Slovenia
Relevant Law: Article 13(1) GDPR
Article 13(2) GDPR
Article 58(2)(a) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided: 15.03.2021
Published: 15.04.2021
Fine: None
Parties: Ministry of Public Administration
National Case Number/Name: 0610-376/2020/35
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Slovenian
Original Source: GDPR+ (via IP’s zip) (in SL)
Initial Contributor: GDPR+

IP held that the Ministry did not provide the relevant information under Article 13 of the GDPR when applying for interest in vaccination on the eUpava (eGovernment) portal.

English Summary

Facts

The ministry collected expressions of interest for vaccination against COVID -19 on the website https://e-uprava.gov.si/podrocja/sociala-zdravje-smrt/zdravje/vloga-cepljenje.html, and from the beginning of the expression of interest, the list became a list for vaccination. Information under Article 13 were not provided.

Dispute

Holding

Pursuant to Article 58(2)(a) of the General Regulation, controllers are reminded that the use or aggregation with other databases or other forms of further processing of personal data of individuals who have already submitted or are about to submit an application for vaccination against COVID-19 through the eGovernment portal constitutes a breach of the GDPR. Controllers must restrict the processing of personal data of individuals who have already submitted an application through the eGovernment portal.

Controllers must ensure fair and transparent processing of personal data in such a way that all persons who have already submitted, or are about to submit, an application for registration of interest in vaccination against COVID -19 through the eGovernment portal receive, in a concise, transparent, intelligible and easily accessible form and in plain and simple language, all the information referred to in Article 13(1) and (2) of the GDPR, focusing on the identification of the controller(s), the precise purpose of the processing and the legal basis for the processing, as well as the rights of individuals in this context.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details.
Retrieved from "https://gdprhub.eu/index.php?title=IP_-_0610-376/2020/35&oldid=14911"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki