AEPD - PS/00064/2021

From GDPRhub
AEPD - PS/00064/2021
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1)(f) GDPR
Article 32(1) GDPR
Type: Complaint
Outcome: Upheld
Published: 15.04.2021
Fine: None
National Case Number/Name: PS/00064/2021
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEPD decision (in ES)
Initial Contributor: n/a

The Spanish DPA imposed a warning on a city council for accidentally publishing electoral information that included names, ID numbers and addresses of polling station members.

English Summary[edit | edit source]

Facts[edit | edit source]

The Spanish city council of El Enpinar accidentally published a complete electoral list that included names, ID numbers and addresses of polling station members, instead of the redacted version.

Subsequently, the AEPD received a complaint regarding these facts and launched an investigation. The council answered extemporaneously to the AEPD's requests, providing the demanded information and stating that they would be providing data protection training to their employees.

Holding[edit | edit source]

The AEPD held that the facts constituted a data breach and were therefore a violation of Article 32(1), and additionally Article 5(1)(f) for violating the confidentiality principle.

The AEPD imposed a warning on the city council, as the Spanish Data Protection Law does not allow fining public institutions.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.