Commissioner - 11.17.001.007.125
|Comissioner - 11.17.001.007.125|
|Relevant Law:||Article 12(2) GDPR|
Article 12(6) GDPR
Article 17 GDPR
Article 58(2)(d) GDPR
|Parties:||GAIJIN NETWORK LTD|
|National Case Number/Name:||11.17.001.007.125|
|European Case Law Identifier:||n/a|
|Original Source:||Comissioner (Cyprus) (in EL)|
The Cypriot Comissioner ordered video game company to bring its processing operations into compliance with Article 12(2) GDPR as it found they should implement additional modalities to facilitate data subjects' rights and enable the latter to justify their identity according to Article 12(6) GDPR.
A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request.
Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful?
The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.
Share your comments here!
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
Please see the original decision which is already in English.