Ministry of Citizan Protection – €150,000 Fine (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hellenic Data Protection Authority fined Greece's Ministry of Citizen Protection €150,000 for not properly informing citizens about new identity cards with biometric data. The Ministry failed to provide clear details on how personal data would be used, which is important for public trust. This ruling emphasizes the need for transparency when handling sensitive personal information.
What happened
The Ministry of Citizen Protection did not provide adequate information to the public about the processing of biometric data for new identity cards.
Who was affected
Citizens who were issued new identity cards containing biometric data were affected.
What the authority found
The authority ruled that the Ministry violated GDPR rules on transparency and data minimization by not giving timely and clear information about the data collection.
Why this matters
This ruling highlights the importance of transparency in data processing. It serves as a warning to public agencies to ensure they communicate clearly about how they handle personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A citizen filed a complaint about the issuance of new identity cards containing biometric data and the Ministry of Citizen Protection's failure to respond to an inquiry about the legality of this data processing. The HDPA initiated an investigation to examine the Ministry's compliance with GDPR, focusing on data minimization, transparency, and security measures. The Ministry explained its actions, including conducting a Data Protection Impact Assessment (DPIA), assessing risks, and implementing safeguards for biometric data. The DPA stressed the importance of providing adequate public information and ensuring individuals' rights regarding personal data access. The Hellenic Data Protection Authority (HDPA) found that the Ministry of Citizen Protection violated provisions of the GDPR related to transparency and data minimization concerning the issuance of new identity cards that contain biometric data. Specifically, the Ministry had failed to provide timely responses and sufficient information to the public regarding the processing of personal data in compliance with GDPR requirements. Reasoning: First, the DPA held that the controller violated Article 12 (Transparency) of the GDPR by failing to provide clear and timely information to the complainant and the public about the processing of their personal data in relation to the new identity cards. This included details about the legality, purpose, and scope of the data collection. Second, the DPA found that the Ministry had not fully complied with the principle of data minimization under Article 5(1)(c) of the GDPR. The authority noted concerns about the scope of biometric data collected and questioned whether all the data being processed was necessary for the stated purpose (issuance of identity cards). Third, the DPA emphasized the need for a Data Protection Impact Assessment (DPIA), as required by Article 35 of the GDPR, due to the high risks posed by the processing of biometric data. The Ministry had initiated th
Related Enforcement Actions (0)
No other enforcement actions found for Ministry of Citizan Protection in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
23 September 2024
Authority
Hellenic Data Protection Authority
Fine Amount
€150,000
GDPRhub ID
gdprhub-8316About this data
Cite as: Cookie Fines. Ministry of Citizan Protection - Greece (2024). Retrieved from cookiefines.eu
Last updated: