Garante per la protezione dei dati personali (Italy) - 9446659: Difference between revisions
(changed title) |
m (ML moved page Garante per la protezione dei dati personali - doc.web. 9446659 to Garante per la protezione dei dati personali - 9446659: correction of title) |
Revision as of 07:41, 24 August 2020
Garante per la protezione dei dati personali - 9446659 | |
---|---|
Authority: | Garante per la protezione dei dati personali (Italy) |
Jurisdiction: | Italy |
Relevant Law: | Article 5(1)(a) GDPR Article 5(1)(c) GDPR Article 6(1)(c) GDPR Article 6(1)(e) GDPR Article 6(2) GDPR Article 6(3) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 09.07.2020 |
Published: | |
Fine: | 2000 EUR |
Parties: | n/a |
National Case Number/Name: | 9446659 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Italian |
Original Source: | Garante's website (in IT) |
Initial Contributor: | Antonella Luisi |
The Italian DPA (Garante) fined a city council 2.000 euros for publishing citizens' personal data on its website without a valid legal basis and failing to comply with the principle of data minimization.
English Summary
Facts
A data subject filed a complaint with the Garante regarding the publication on the city council's website of personal data concerning him and his wife.
Dispute
The Garante considered whether the publication of the compliants' personal data was justified and grounded on a valid legal basis while complying with the transparency obligations public administration are subject to.
Holding
The Garante considered that the data processing at sake should have been grounded on compliance with a legal obligation to which the controller is subject, under Article 6 (1) (c) GDPR. In this case, the compliants' personal data remained published for several years thus exceeding the 15 days period required under Italian law for transparency purposes. The controller failing to demonstrate on which legal basis it grounded the data processing for the exceeding period of time, the Authority judged the processing unlawful on the basis of Article 6 (1) (c) (e), (2), (3) (b). Also, the Garante found that the personal data published was not adequate, relevant and limited to the fixed purpose thus breaching the principles of data minimization under article 5 (1) (c) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Italian original. Please refer to the Italian original for more details.