Post by nijhumninutsa033 on Jan 10, 2024 21:55:09 GMT 10
Protection regulations in a manner contrary to the Supreme Court. It considers that it imposes an obligation of result and has used this criterion in numerous sanctioning procedures. For its part, the Supreme Court bases its ruling on the wording of Directive 95/46/EC , transposed into our system by the repealed Organic Law 15/1999, of December 13, on the Protection of Personal Data . Despite opting for the “obligation of means” route, the High Court points out that “it is not enough to design the necessary technical and organizational means, their correct implementation and use in an appropriate manner is also necessary, so that it will also be responsible for the lack of diligence in its use, understood as reasonable diligence taking into account the circumstances of the case.
” Confirmation of the sanction In the case examined, the High Court confirms the sanction to the company because “the program used to collect customer data did not contain any security measure that would allow Phone Number Data checking whether the email address entered was real or fictitious and if really belonged to the person whose data was being processed and gave consent for it. The state of the art at the time these events occurred made it possible to establish measures aimed at verifying the veracity of the email address, making the continuation of the process conditional on the user receiving the contract at the address provided and only from there providing services. the necessary consent for its collection and processing.
Measures that were not adopted in this case.” The Third Chamber confirms the sanction of 40,000 euros imposed by the AEPD That is, at the time these events occurred, there were means applicable to the registration process that would have prevented the leakage of personal data . It can be said that the technical measures adopted did not comply with the security conditions in the required terms. Finally, the Court points out that the fact that it was the negligent actions of an employee that caused the security breach does not exempt the company from liability , which should have ensured that the security measures were used correctly.
” Confirmation of the sanction In the case examined, the High Court confirms the sanction to the company because “the program used to collect customer data did not contain any security measure that would allow Phone Number Data checking whether the email address entered was real or fictitious and if really belonged to the person whose data was being processed and gave consent for it. The state of the art at the time these events occurred made it possible to establish measures aimed at verifying the veracity of the email address, making the continuation of the process conditional on the user receiving the contract at the address provided and only from there providing services. the necessary consent for its collection and processing.
Measures that were not adopted in this case.” The Third Chamber confirms the sanction of 40,000 euros imposed by the AEPD That is, at the time these events occurred, there were means applicable to the registration process that would have prevented the leakage of personal data . It can be said that the technical measures adopted did not comply with the security conditions in the required terms. Finally, the Court points out that the fact that it was the negligent actions of an employee that caused the security breach does not exempt the company from liability , which should have ensured that the security measures were used correctly.