HDPA (Greece) - 61/2022

HDPA - 61/202234
Authority:	HDPA (Greece)
Jurisdiction:	Greece
Relevant Law:	Article 5(1)(a) GDPR Article 6(1)(e) GDPR Article 12 GDPR Article 13 GDPR Article 25(1) GDPR Article 35 GDPR Article 46 GDPR National Law 3471/2006, article 4 National Law 4624/19, article 37
Type:	Complaint
Outcome:	Upheld
Started:
Decided:	01.11.2022
Published:	01.11.2022
Fine:	n/a
Parties:	Ministry of Education and Religious Affairs
National Case Number/Name:	61/202234
European Case Law Identifier:	n/a
Appeal:	Unknown
Original Language(s):	Greek
Original Source:	DPA.gr (in EL)
Initial Contributor:	Anastasia Tsermenidou

The Authority examined the compliance of the Ministry of Education and Religious Affairs on the compatibility of modern distance education education with the provisions of the legislation on the processing of personal data. No fine imposed.

English Summary

Facts

The DPA examined the compliance of the Ministry of Education and Religious Affairs with the recommendations of Decision 50/2021 on the compatibility of modern distance education in primary and secondary education with the provisions of the legislation on the processing of personal data. The DPA issued the following: a)no detailed investigation has been carried out into the legality of the purposes of processing on the part of the Ministry, in particular in relation to consent to access information stored on a user's terminal equipment when this is not necessary for the provision of the service requested by the user, b) the information provided to data subjects is less than that required by the GDPR, and the information is not in an intelligible and easily accessible form with clear and simple wording, especially if it is also addressed to children, c)the security measures in place, although in the right direction, need to be supplemented in a way that is available to every teacher, and it must be ensured that all teachers involved in the distance learning process have received a minimum of information, d) a proper assessment of the transfer of data to countries outside the EU (TIAs) has not been carried out, especially in light of the CJEU's decision in case C-311/18 (Schrems II).

Holding

The DPA considered that no new remedy is required and invited the Ministry to make the necessary amendments to improve transparency. In particular, the information provided to data subjects via the website should follow a multi-level approach and better information on the use of cookies is required. The Authority will address the more general issue of the application of Chapter V of the GDPR to videoconferencing services of companies belonging to a group controlled by an entity subject to US law with other supervisory authorities through the cooperation and consistency procedures of the Regulation.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.

Summary
The Authority examined ex officio the compliance of the Ministry of Education and Religious Affairs with the recommendations of decision 50/2021 on the compatibility of modern distance education in primary and secondary school units with the provisions of the legislation on the processing of personal data. The Authority considers that no new corrective measure is required and calls on the Ministry to make the necessary amendments to improve transparency. In particular, the information provided to data subjects through the website must follow a multi-level approach, while an improvement in the information regarding the use of "cookies" is required. The Authority will consider the broader issue of the application of Chapter V of the GDPR to videoconferencing services of companies that are part of a group controlled by an entity subject to US law. with the other supervisory authorities through the cooperation and coherence procedures of the Regulation.