Commissioner (Cyprus) - 11.17.001.007.125

From GDPRhub
Revision as of 08:52, 10 July 2020 by AL (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Cyprus |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoCY.jpg |DPA_Abbrevation=Comissioner |DPA_With_Country=Comissioner (Cyprus) |Case_N...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Comissioner - 11.17.001.007.125
LogoCY.jpg
Authority: Comissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 12(2) GDPR
Article 12(6) GDPR
Article 17 GDPR
Article 58(2)(d) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: 02.06.2020
Published:
Fine: None
Parties: GAIJIN NETWORK LTD
National Case Number/Name: 11.17.001.007.125
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Greek
Original Source: Comissioner (Cyprus) (in EL)
Initial Contributor: n/a

The Cypriot Comissioner ordered video game company to bring its processing operations into compliance with Article 12(2) GDPR as it found they should implement additional modalities to facilitate data subjects' rights and enable the latter to justify their identity according to Article 12(6) GDPR.

English Summary

Facts

A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request.

Dispute

Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful?

Holding

The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.

Please see the original decision which is already in English.