Banner1.png
Banner3.png

Editing CNPD (Luxembourg) - Délibération n°16FR/2021

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 50: Line 50:
 
}}
 
}}
  
The Luxembourg DPA (CNDP) fined a controller €1000 for capturing images of a public space using their video-camera system, and for not providing necessary information about the video-camera system in accordance with Article 13 GDPR.
+
The Luxembourg fined €1000 a controller for capturing images of the public space on their videocameras system, and for not providing the necessary information about such system in accordance with Article 13 GDPR.
  
 
== English Summary ==
 
== English Summary ==
Line 57: Line 57:
 
The Luxembourg DPA (CNPD) launched an investigation on a controller that was using videocameras on the entrance of their premises to protect their property and monitor the entrance, as well as for work security purposes and the prevention of accidents.  
 
The Luxembourg DPA (CNPD) launched an investigation on a controller that was using videocameras on the entrance of their premises to protect their property and monitor the entrance, as well as for work security purposes and the prevention of accidents.  
  
The controller held a pre-authorisation from the CNPD. However, their cameras were also partially capturing images of public space.
+
The controller held a pre-authorisation from the CNPD. However, their cameras were partially capturing images of the public space too.
 
=== Holding ===
 
=== Holding ===
 
Even if the CNPD admitted that sometimes it is admissible to capture images of public surrounding, given the impossibility of the contrary, such images shall be blurred or masked. Therefore, the DPA concluded that the controller had violated Article 5(1)(c) GDPR, for processing data that is not relevant for the purposes of the processing.
 
Even if the CNPD admitted that sometimes it is admissible to capture images of public surrounding, given the impossibility of the contrary, such images shall be blurred or masked. Therefore, the DPA concluded that the controller had violated Article 5(1)(c) GDPR, for processing data that is not relevant for the purposes of the processing.
  
Additionally, the DPA found that the controller offered limited information on the videosurveillance system, both to users and to employees, and failed to provide adequate notice about the system on their website. Furthermore, the controller had not adequately informed the employees about such system, not could prove that had provided relevant information.
+
Additionally, the DPA found that the controller offered limited information on the videosurveillance system, both to users and to employees, and had not adequate notice about that on their website. Furthermore, the controller had not adequately informed the employees about such system, not could prove that had provided relevant information.
  
 
Because of this, the DPA concluded that the controller had also violated Article 13 GDPR.
 
Because of this, the DPA concluded that the controller had also violated Article 13 GDPR.

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Template used on this page: