CNIL (France) - Unknown

From GDPRhub
Revision as of 15:51, 15 February 2023 by Ls (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=France |DPA-BG-Color= |DPAlogo=LogoFR.png |DPA_Abbrevation=CNIL |DPA_With_Country=CNIL (France) |Case_Number_Name=Unknown |ECLI= |Original_So...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
CNIL - Unknown
LogoFR.png
Authority: CNIL (France)
Jurisdiction: France
Relevant Law: Article 17 GDPR
Article 56(1) GDPR
Article 60 GDPR
Type: Complaint
Outcome: Other Outcome
Started:
Decided: 26.07.2022
Published:
Fine: n/a
Parties: n/a
National Case Number/Name: Unknown
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): French
Original Source: CNIL (in FR)
Initial Contributor: ls

The CNIL decided to close a complaint related to the right to erasure following the measures taken by the controller to prevent this situation from arising again.

English Summary

Facts

A data subject wished to exercise his right to erasure under Article 17 regarding two customer accounts linked to him with a company (controller). He claimed that he was forced to provide an identity document to make his request and that he did not receive confirmation that his requests had been taken into account. This led him to lodge a complaint with his local DPA (in Germany). The controller's DPO informed the German DPA that the data subject's requests for erasure of his personal data had been taken into account and that the data subject had been informed.

In accordance with Article 56(1) and Article 60, the German DPA transferred this complaint to the French DPA, the CNIL.

The CNIL exchanged with the controller's DPO, who explained the following: Concerning the prior communication of the identity document, it was systematically required when the data subject used the form available on the controller's website to make his request without logging into his personal account. In this particular case, there was an error in the redirections that led the data subject to this form. The DPO reported that he rose staff's awareness in this respect. The controller also now placed a notice under the form inviting customers to log in to their personal account so that they do not have to prove their identity.

Holding

Taking into account the explanations provided by the DPO and the measures that were already in place, the CNIL decided that the chances of a repetition such facts were avoided and therefore closed the complaint.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the French original. Please refer to the French original for more details.
Retrieved from "https://gdprhub.eu/index.php?title=CNIL_(France)_-_Unknown&oldid=31199"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki