AEPD (Spain) - E/09353/2019

From GDPRhub
AEPD (Spain) - E/09353/2019
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1)(f) GDPR
Article 39 GDPR
Article 55 GDPR
Article 58 GDPR
Type: Complaint
Outcome: Other Outcome
Published: 21.02.2020
Fine: None
Parties: Ayuntamiento de Palacios del Sil
National Case Number/Name: E/09353/2019
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEPD (in ES)
Initial Contributor: n/a

The AEPD found no data protection violation of the Town Hall of Palacios del Sil and closed the file of the case.

English Summary


The complainant claimed that the Town Hall of Palacios del Sil posted their name and surname on Facebook. The defendant argued that it did not have any Facebook account, but only a webpage. The complainant claimed violation of the principles of integrity and confidentiality when processing personal data according to Article 5(1)(f) GDPR.



The AEPD confirmed that there was no Facebook profile with the name of the Town Hall and the URL provided by the complainant would not open as non available anymore. Further, it did not find any violation, hence it closed the file of the case.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the original. Please refer to the Spanish original for more details.

FIRST: The complaint filed by Mr. A.A.A.  (hereinafter, the claimant) was filed on 14 June 2019 with the Spanish Data Protection Agency. The claim is directed against the Town Hall of Palacios del Sil, with NIFP2411100G(from now on, the claimed). The reasons on which the complaint is based are that on June 14, 2019 the City Council of Palacios del Sil through the page ofFacebook ***URL.1 publishes a note in which it makes public its name and surname. SECOND: In accordance with article 65.4 of the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (hereinafter LOPDGDD), with reference number E/07806/2019, a notification was given of the complaint to the person concerned, so that he could proceed with its analysis and inform this Agency within a period of one month, of the actions taken to adapt to the requirements of the data protection regulations.THIRD: On October 1, 2019, the Director of the Spanish Data Protection Agency agreed to admit the claim presented by the claimant for processing.FOURTH: The General Sub-directorate of Data Inspection proceeded to carry out previous investigation actions to clarify the facts object of the claim, being aware of the following points: The representatives of the City Council of Palacios del Sil state that they are not attached to Facebook or any other social network, and that neither the members of the municipal corporation nor the workers of the City Council manage any corporate profile in Facebook. They add that the City Council only has a web pageónica which establishes relations with citizens, promoting a system of identification, authentication, minimum content, legal protection, accessibility, availability and responsibility.   The members of the City Council are the ones who carefully select the documents to be uploaded to the aforementioned platforms, the Corporation being solely responsible for the content and publications made in this medium.

It has been verified, on January 30th 2020, that when searching in Facebook the existence of a profile called Palacios del Sil City Council, no information is obtained about any profile registered. In this sense, when accessing the link ***URL.1, the result is: "This content is not available at this moment. It is possible that the link you have followed has expired or that the page can only be seen by an audience to which you do not belong."FUNDAMENTOS DE DERECHOIDe in accordance with the powers of investigation and correction that Article 58 of Regulation (EU) 2016/679 (General Regulation on Data Protection, hereinafter RGPD) grants to each supervisory authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter LOPDGDD), the Director of the Spanish Data Protection Agency is competent to resolve these investigative actions.In accordance with the provisions of Article 55 of the RGPD, the Spanish Data Protection Agency is competent to carry out the functions assigned to it in Article 57 thereof, including that of enforcing the Regulation and promoting awareness among data controllers and data processors of the obligations incumbent on them, as well as dealing with complaints submitted by a data subject and investigating the grounds for such complaints.It also corresponds to the Spanish Data Protection Agency to exercise the powers of investigation regulated in Article 58.1 of the same legal text, among which is the power to order the data controller and the person responsible for the processing to provide any information required for the performance of their functions. In the event that they have appointed a data protection delegate, Article 39 of the RGPD attributes to this the function of cooperating with said authority. Similarly, the internal legal system also provides for the possibility of opening a period of information or prior proceedings. In that regard, Article 55 of Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations, grants that power to the competent body in order to determine the circumstances of the specific case and the advisability or otherwise of initiating the procedure.

In the present case, this Agency has received a complaint filed by the claimant against the respondent for an alleged violation of article 5.1. f) of the RGPD, which guarantees: "that personal data will be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organizational measures (<<integrity and confidentiality>>)".All the actions have been carried out in compliance with the legal provisions, and with the aim of determining, as accurately as possible, the relevant circumstances that may arise in this case, and it has been verified that, on January 30, 2020, when searching on Facebook for the existence of a profile called Palacios del Sil Town Hall, no information on any of the profiles was obtained. Furthermore, by accessing the link ***URL.1, the result is: "This content is not available at this time. It is possible that the link you have followed has expired or that the page can only be seen by a group of people who do not belong to it", and in any case it has not been accredited that the Town Hall was the source of the information, so it is considered appropriate to agree to file the present actions as it is considered that the issue has been resolved.Therefore, in accordance with what has been indicated, by the Director of the Spanish Data Protection Agency, it is agreed: FIRST: TO PROCEED TO THE FILING of the present actions. SECOND: TO NOTIFY the present resolution to the claimant and reclaimed. In accordance with what is established in article 50 of the LOPDGDD, the present Resolution will be made public once it has been notified to the interested parties.