The Cabildo of Lanzarote leaked data to the press improperly via email in November 2010 for publication. This is the opinion of the Spanish Data Protection Agency (AEPD), which has carried out a procedure for declaring an infringement by public administrations following a complaint from one of those affected, for disseminating their personal data. The Agency considers that the Cabildo infringed Article 10 of the Organic Law on the Protection of Personal Data.
The events began with a statement from the PSOE (then in opposition) in which it claimed that the lawyer Ignacio Calatayud, advisor to the president Pedro San Ginés, had charged 300,000 euros from the Cabildo in 2010. To counter this claim, the government group, led by San Ginés himself and made up of the Canarian Coalition (CC), the Popular Party (PP), the Lanzarote Independents Party (PIL) and the Lanzarote Nationalist Party (PNL), sent an email to the media through its press office, which included a report from the economic and financial management body with the names of all the lawyers who had worked for the Cabildo and the amount they had charged between 1997 and 2010.
One of these lawyers reported the events to the AEPD, which contacted the Cabildo, although it did not respond to its requests. According to the AEPD, "there is no law that allows the personal data of the complainant referring to the amounts that he has received annually from the Cabildo to be transferred to the press, nor is the public dissemination of both data together required in any regulation, especially taking into account that the published news did not make any reference or was debating his emoluments or his person".
It adds that there is no law "that protects the communication of data, in this case indiscriminate to the press, to deny a statement" and that it constitutes a violation of the duty of secrecy to the custody and conservation of the data available.
"It could be discussed whether the transfer of personal data of the person alluded to in the news to the media for journalistic purposes would be in accordance with the freedoms of opinion and information (?) weighing the balance between the relevance and public interest together with the obtaining by citizens of information that affects the functioning of public institutions", the Agency states.
However, according to this body, "this issue is not being elucidated here, but rather, the fact that unrelated and excessive data has been provided for the case in question appears". "So the information to respond about a person, the purpose of the information, could perfectly be done without the need to provide the personal data of the others," he says.
In its resolution, the AEPD points out that "due to the nature of the infringement, and that its effects have ceased to exist, the Agency does not urge the adoption of a specific corrective measure", although it decides to communicate the resolution to the Ombudsman. The affected party, on the other hand, could initiate an ordinary procedure in the Courts with this resolution.
From the law firm www.salirdeinternet.com, specialized in the protection of privacy, intimacy and reputation of users on the Internet, they emphasize that "if this leak had been carried out by a company, the sanction would be from 900 to 40,000 euros, but since it is a Public Administration, the Spanish Data Protection Agency has only declared the infringement, but has not imposed a sanction and has not requested that disciplinary proceedings be opened".
SG/ACN Press