Court case II SA/Wa 2826/19 – Court Ruling (Poland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Polish DPA found that the Mayor of Aleksandrów Kujawski mishandled personal data by sharing it without proper agreements and failing to secure it adequately. The Mayor was ordered to stop these practices and improve data protection policies. This case underscores the importance of having clear data handling policies and agreements.
What happened
The Mayor of Aleksandrów Kujawski shared personal data without proper legal agreements and failed to implement adequate security measures.
Who was affected
Residents whose personal data was mishandled by the Mayor's office.
What the authority found
The Polish DPA ruled that the Mayor violated several GDPR principles by not having proper data protection policies and agreements in place.
Why this matters
This case highlights the need for public officials and organizations to have robust data protection measures and clear agreements when sharing personal data. It serves as a reminder to review and update data handling practices regularly.
GDPR Articles Cited
On 18.10.2019 the Polish DPA - UODO imposed a fine of PLN 40,000 on the Mayor of Aleksandrów Kujawski. UODO found that the Mayor violated: 1. Article 5(1)(a) and Article 5(1)(f) in connection with Article 5(2) by making personal data available to certain entities without a legal basis (without agreements on entrusting personal data); 2. Article 5(1)(e) in connection with Article 5(2), i.e. the principle of storage limitation and Article 24 GDPR through the lack of appropriate policies concerning the processing of personal data in the BIP (Biuletyn Informacji Publicznej); 3. Article 5(1)(f) in conjunction with Article 5(2), i.e. the principles of integrity and confidentiality, the principle of accountability, and Article 24 GDPR by failing to carry out a risk analysis of the Mayor's use of the YouTube channel for the transmission of the recordings of the deliberations of City Council; 4. [Article 5 GDPR#1f|Article 5(1)(f)]] in conjunction with Article 5(2), i.e. the principles of integrity and confidentiality, and Article 32 GDPR by failing to implement appropriate technical and organisational measures to safeguard the data of natural persons in connection with the storage of the recordings of the sessions of the City Council exclusively on the YouTube servers, without making and backing up those recordings in the own resources of the City Council; 5. Article 5(2), i.e. the principle of accountability and Article 30(1)(d) and Article 30(1)(f) by not indicating in the register of personal data processing activities, for activities related to the publication of information on the BIP website of the Municipal Council , all recipients of data and not indicating for these processing activities the planned date of data deletion in a manner ensuring data processing in accordance with the principle of limited storage. Apart from imposing a fine, UODO ordered the Mayor to: 1. stop providing personal data without a legal basis, 2. implement policies defining data processing p
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case II SA/Wa 2826/19 in PL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case II SA/Wa 2826/19 - Poland (2020). Retrieved from cookiefines.eu
Last updated: