Post by account_disabled on Mar 12, 2024 11:25:56 GMT 1
They point out that the sharpness of the images is so bad that not even the license plate of their vehicle is visible ; that the request is excessively generic since it requests access to “all images or videos recorded at the facilities”; and that the images may contain personal data of third parties. Thus, even if the resolution is poor, it is possible that you can see the faces of people passing by. “The duration of the vehicle parking is approximately two hours and in two hours there is an enormous entry of vehicles and individuals,” despite the fact that in the allegations sent by the company to the AEPD, it is insisted that it cannot be identify “the face, nor the license plate nor any other personal data .”
The AEPD affirms that the above does not prove that the response addresses the right of access to personal data. “We cannot deny that it is true that the response given to the complainant did not include all the information Email Data established in article 15 of the Data Protection Regulation,” but the company maintains that “it does not have data of a stored personnel of the claimant, because nothing can be seen in the images.”
The Right of access, established in article 15 of the RGD, stipulates that the interested party has the right to obtain from the data controller confirmation of whether or not personal data that concerns him or her is being processed and, in such case, the right of access to the data. personal. In the case of very generic requests, “the controller may ask the affected party to specify the data or processing activities to which the request refers.” Furthermore, the AEPD points out that the request will be considered excessive when the affected party chooses a means other than the one offered that entails a disproportionate cost , which must be assumed by the affected party.
Along these lines, the AEPD considers the claim and calls on the company to address the client's right or to refuse with reason. Thus, it points out that "if the person responsible considers that access to said recordings may affect the images of third parties, the necessary measures must be adopted to anonymize their data , and may even send extracts of images to facilitate access through a certified writing. in which the data subject to processing are specified with the greatest possible precision.” And “even in the event that there is no data in the files or even in those cases in which the stipulated requirements are not met, in which case the recipient of said request is equally obliged to request the correction of the observed deficiencies or to deny the reasoned request indicating the reasons why it is not appropriate to consider the right in question.” And, the AEPD concludes, it cannot be satisfied with the reasons conveyed exclusively to the Administration .
The AEPD affirms that the above does not prove that the response addresses the right of access to personal data. “We cannot deny that it is true that the response given to the complainant did not include all the information Email Data established in article 15 of the Data Protection Regulation,” but the company maintains that “it does not have data of a stored personnel of the claimant, because nothing can be seen in the images.”
The Right of access, established in article 15 of the RGD, stipulates that the interested party has the right to obtain from the data controller confirmation of whether or not personal data that concerns him or her is being processed and, in such case, the right of access to the data. personal. In the case of very generic requests, “the controller may ask the affected party to specify the data or processing activities to which the request refers.” Furthermore, the AEPD points out that the request will be considered excessive when the affected party chooses a means other than the one offered that entails a disproportionate cost , which must be assumed by the affected party.
Along these lines, the AEPD considers the claim and calls on the company to address the client's right or to refuse with reason. Thus, it points out that "if the person responsible considers that access to said recordings may affect the images of third parties, the necessary measures must be adopted to anonymize their data , and may even send extracts of images to facilitate access through a certified writing. in which the data subject to processing are specified with the greatest possible precision.” And “even in the event that there is no data in the files or even in those cases in which the stipulated requirements are not met, in which case the recipient of said request is equally obliged to request the correction of the observed deficiencies or to deny the reasoned request indicating the reasons why it is not appropriate to consider the right in question.” And, the AEPD concludes, it cannot be satisfied with the reasons conveyed exclusively to the Administration .