Subscribe to LSNN Daily News

Method
Channel
Author

Enter your email address:
lsnn
lsnn
2022-04-13 02:16:08
Wednesday 02:33:22
April 13 2022

Italy: Garante issues warning to Ministry of Justice for processing personal data without legal basis

View 12.7K

words 458 read in 2 minutes, 17 Seconds

The Italian data protection authority ('Garante') issued, on 24 March 2022, its decision in Case No. 97, in which it imposed a warning to the Ministry of Justice, for violations of Articles 5(1)(a), 5(1)(c), 6, and 10 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and Article 2-octies of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to the GDPR ('the Code'), following a complaint lodged by an employee of the Ministry.

Background to the case

In particular, the Garante reported that the complainant had participated in an internal selection organised by the Ministry, following which the latter had published on its website the ranking of the participants, with an annotation, next to the complainant's name, of a pending criminal proceeding involving the same.

Moreover, the Garante noted that, having received the Ministry's comments, it had notified the latter of the initiation of the procedure for the adoption of an enforcement action, inviting the same to present its defence briefs. Subsequently, the Garante reported that the Ministry had explained that the abovementioned annotation was made for internal use only, in order to draft the ranking of the internal selection, and that, due to a human error, it had not been removed from the final version of the ranking before its publication.

Findings of the Garante

Further to the above, the Garante held that the disclosure of the complainant's personal data, falling into the category of data relating to criminal convictions and offences, on the website of the Ministry, took place in the absence of a legal basis, thus breaching Articles 5(1)(a), 6, and 10 of the GDPR, and Article 2-octies of the Code.

In addition, the Garante determined that, without prejudice to the powers of the Ministry to assess the candidates' eligibility in the course of internal selections, the annotation concerning the existence of a pending criminal proceedings in a ranking subject to online publication, associated with the name of the candidate, breached the principle of data minimisation.

However, the Garante considered it sufficient to issue a warning to the Ministry, taking into account, among others, that:


  • the disclosure of personal data in question involved only one data subject and occurred due to a human error;
  • the case in question was an isolated incident in the context of the numerous selection procedures organised and managed by the Ministry;
  • the Ministry fully cooperated in the course of the investigation; and
  • the Ministry prmptly adopted suitable measures to prevent the occurrence of similar errors in the future.

Outcomes

In conclusion, the Garante issued the aforementioned warning and highlighted that the Ministry may lodge a complaint before the judicial authority within 30 days.

You can read the decision, only available in Italian, here.

Source by Redazione

Articles Similar / Italy: G...gal basis
from: ladysilvia
by: Redazione
13 apr 2023
ChatGPT: Garante privac...erà le misure richieste
from: ladysilvia
by: Redazione
27 mar 2023
Ecco come il Garante pr...to il codice di condotta
from: ladysilvia
by: Redazione
19 lug 2022
EU: Commission issues r...Whistleblowing Directive
from: ladysilvia
by: Redazione
24 giu 2022
Italy: Garante finds US...oogle Analytics unlawful
from: ladysilvia
by: Redazione
17 feb 2022
Torino. Manifestazione ...eb 2022 inizio ore 10.00
from: ladysilvia
by: Redazione
19 dic 2018
Manovra Tria, C'è l'in... via libera di Bruxelles