Eesti Ehitusinseneride Liit MTÜ – Violation Found (Estonia, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An attorney-at-law submitted a request for access to information to the Estonian Association of Civil Engineers, the data controller. The association refused to provide information about applicants for qualification as engineers based on the access restriction provided for by 12(1)(35) AvTS. The attorney filed a complaint with the Estonian claiming that this restriction applies only to data that could significantly damage the integrity of the data subject's private life and not to those related to their professional activities. The DPA issued a decision ordering the disclosure of the requested data to the extent that it does not contain restricted information and the justification of any refusal. Subsequently, the data controller provided some information to the attorney, but the attorney submitted an objection arguing that the decision was not fully complied with because data such where and how long the applicants attended school, what additional training they completed and the assessments of their level of knowledge and abilities had not been included without any justification. On one hand, the complainant argued that the refusal to provide the information was only possible when its disclosure would lead to a significant harm to the data subject’s private sphere. They claimed that the Estonian Association of Civil Engineers was violating their right to access public information. On the other hand, the Estonian Association of Civil Engineers, sustained that these data concern the applicants’ private life and that the disclosure would substantially interfere on their right. It referred to the case law of the European Court of Human Rights, which highlighted that data relating to professional/commercial activities can also fall under the notion of private life information. It also alleged that there was no legal basis for making these data available for an unlimited number of persons. While recognizing that, in general, information provided to professional or
National Law Articles
Entities Involved
An attorney-at-law submitted a request for access to information to the Estonian Association of Civil Engineers, the data controller. The association refused to provide information about applicants for qualification as engineers based on the access restriction provided for by 12(1)(35) AvTS. The attorney filed a complaint with the Estonian claiming that this restriction applies only to data that could significantly damage the integrity of the data subject's private life and not to those related to their professional activities. The DPA issued a decision ordering the disclosure of the requested data to the extent that it does not contain restricted information and the justification of any refusal. Subsequently, the data controller provided some information to the attorney, but the attorney submitted an objection arguing that the decision was not fully complied with because data such where and how long the applicants attended school, what additional training they completed and the assessments of their level of knowledge and abilities had not been included without any justification. On one hand, the complainant argued that the refusal to provide the information was only possible when its disclosure would lead to a significant harm to the data subject’s private sphere. They claimed that the Estonian Association of Civil Engineers was violating their right to access public information. On the other hand, the Estonian Association of Civil Engineers, sustained that these data concern the applicants’ private life and that the disclosure would substantially interfere on their right. It referred to the case law of the European Court of Human Rights, which highlighted that data relating to professional/commercial activities can also fall under the notion of private life information. It also alleged that there was no legal basis for making these data available for an unlimited number of persons. While recognizing that, in general, information provided to professional or
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Eesti Ehitusinseneride Liit MTÜ in EE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Eesti Ehitusinseneride Liit MTÜ - Estonia (2023). Retrieved from cookiefines.eu
Last updated: