Commissioner - 11.17.001.007.125
|Commissioner - 11.17.001.007.125|
|Relevant Law:||Article 12(2) GDPR|
Article 12(6) GDPR
Article 17 GDPR
Article 58(2)(d) GDPR
|Parties:||GAIJIN NETWORK LTD|
|National Case Number/Name:||11.17.001.007.125|
|European Case Law Identifier:||n/a|
|Original Source:||Commissioner (Cyprus) (in EL)|
The Cypriot Comissioner ordered video game company to bring its processing operations into compliance with Article 12(2) GDPR as it found they should implement additional modalities to facilitate data subjects' rights and enable the latter to justify their identity according to Article 12(6) GDPR.
English Summary[edit | edit source]
Facts[edit | edit source]
A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request.
Dispute[edit | edit source]
Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful?
Holding[edit | edit source]
The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
Please see the original decision which is already in English.