AEPD - PS/00064/2021
|AEPD - PS/00064/2021|
|Relevant Law:||Article 5(1)(f) GDPR|
Article 32(1) GDPR
|Parties:||AYUNTAMIENTO DE EL ESPINAR|
|National Case Number/Name:||PS/00064/2021|
|European Case Law Identifier:||n/a|
|Original Source:||AEPD decision (in ES)|
The Spanish DPA imposed a warning on a city council for accidentally publishing electoral information that included names, ID numbers and addresses of polling station members.
English Summary[edit | edit source]
Facts[edit | edit source]
The Spanish city council of El Enpinar accidentally published a complete electoral list that included names, ID numbers and addresses of polling station members, instead of the redacted version.
Subsequently, the AEPD received a complaint regarding these facts and launched an investigation. The council answered extemporaneously to the AEPD's requests, providing the demanded information and stating that they would be providing data protection training to their employees.
Holding[edit | edit source]
The AEPD held that the facts constituted a data breach and were therefore a violation of Article 32(1), and additionally Article 5(1)(f) for violating the confidentiality principle.
The AEPD imposed a warning on the city council, as the Spanish Data Protection Law does not allow fining public institutions.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.