Editing AEPD - PS/00422/2018

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 15: Line 15:
 
[[Article 58 GDPR#2|Article 58(2) GDPR]]
 
[[Article 58 GDPR#2|Article 58(2) GDPR]]
 
[[Category:Article 58(2) GDPR]]
 
[[Category:Article 58(2) GDPR]]
 
[[Article 2 GDPR]][[Category:Article 2 GDPR]]
 
 
[[Article 2 GDPR#r15|Recital 15 GDPR]]
 
 
Articles 47 and 48(1) of the [https://www.boe.es/boe/dias/2018/12/06/pdfs/BOE-A-2018-16673.pdf LOPDGDD]
 
 
|-
 
|-
 
|Type:||Complaint
 
|Type:||Complaint
 
|-
 
|-
|Outcome:||Dismissed
+
|Outcome:||Rejected
 
|-
 
|-
 
|Decided:||n/a
 
|Decided:||n/a
Line 33: Line 27:
 
|Fine:||None
 
|Fine:||None
 
|-
 
|-
|Parties:||Sant Miquel d'Olèrdola Town Council v.  
+
|Parties:||Sant Miquel d'Olèrdola Town Council v. SHANA REVOLUTION SHOPS and PROYECTO DISEÑO Y FABRICACIONCLUSTER S.L.
 
 
SHANA REVOLUTION SHOPS and  
 
 
 
PROYECTO DISEÑO Y FABRICACIONCLUSTER S.L.
 
 
|-
 
|-
|National Case Number:||PS/00422/2018
+
|National Case Number:||PS/00006/2019
 
|-
 
|-
|European Case Law Identifier:||n/a
+
|European Case Law Identifier
 +
|n/a
 
|-
 
|-
 
|Appeal:||n/a
 
|Appeal:||n/a
Line 48: Line 39:
 
Spanish
 
Spanish
 
|-
 
|-
|Original Source:||[https://www.aepd.es/es/documento/ps-00422-2018.pdf AEPD (in ES)]
+
|Original Source:||[https://www.aepd.es/es/documento/ps-00006-2019.pdf AEPD (in ES)]
 
|}  
 
|}  
  
The AEPD rejected company's responsibility for depositing on the public highway documents which contain personal data. According to the decision, the fact that a company merely threw or deposited such documents on the highway does not render the company responsible for the documents in terms of security according to the GDPR.  
+
The AEPD confirmed that a webpage's privacy policy lack of precision violated the GDPR.  
  
 
==English Summary==
 
==English Summary==
  
 
===Facts===
 
===Facts===
The complaint followed a discovery by Agents of the Local Police of the City Council of Sant Miquel d' Olèrdola of documents containing personal data on the public highway.
+
A citizen submitted a complaint before the AEPD stating that privacy policy of www.banderacatalana.cat did not comply with the GDPR. GRUP BC S.L. was the controller of the page. Especially, the complainant stated that the privacy policy did not include precise information regarding the specific purposes of the processing of personal data, the consent and the child’s consent as a legal basis of the processing.
 
 
The complainant argued that the company SHANA REVOLUTION SHOPS was responsible to maintain security of these documents or otherwise to delete them. They alleged violation of [[Article 5 GDPR#1f|Article 5(1)(f) GDPR]] and asked for a EUR 15,000 fine to be imposed.  
 
  
 
===Dispute===
 
===Dispute===
+
Does the lack of specific information regarding the purposes of processing, the consent and the child’s consent as a legal basis of the processing within a privacy policy, contravene Articles 13(1), 6(1)(a) and 8 GDPR?
  
 
===Holding===
 
===Holding===
The AEPD found that it could not be proved which entity collected these documents and which was responsible for deleting the personal data. The AEPD highlighted that a basic principle of the GDPR is that personal data should be processed in a secure manner with technical and organisational means and measures laid down in advance, depending on the data processed and the risks involved. This includes taking measures and protocols to ensure that information in tangible formats, when discarded, is discarded by means that ensure the confidentiality of the data. However, it noted that the fact that an entity throws or deposits documents containing personal data on the public highway does not make it responsible for them in terms of security under the GDPR. Thus, it dismissed the allegations against both defendants since there was no concrete evidence against them.  
+
The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR.
  
 
==Comment==
 
==Comment==
 +
 
''Share your comments here!''
 
''Share your comments here!''
  

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)