Denmark: Datatilsynet issues decision criticising Municipality of Herning for inadequate data security measures

Wednesday
01:41:28
February
16 2022

Denmark: Datatilsynet issues decision criticising Municipality of Herning for inadequate data security measures

View 2.2K

word 354 read time 1 minute, 46 Seconds

The Danish data protection authority ('Datatilsynet') issued, on 10 February 2022, its decision in Case No. 2021-432-0077, as issued on 11 January 2022, in which it expressed criticism against the Municipality of Herning for its violation of Article 32(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following its failure to adopt appropriate technical and organisational measures in connection with its processing of personal data via the IT system, 'Affaldsweb'.

Background to the case

In particular, the Datatilsynet stated that, following a citizen's compliant, it had initiated an investigation against the Municipality for its personal data processing activities via the IT system, Affaldsweb. In this regard, the Datatilsynet stated that users of the IT system (citizens), who could login to the system using a unique 5-digit code, were able to access the information of those who they share a waster container with, about who had last edited/ordered waste containers, as well as contact information entered by such users. Additionally, the Datatilsynet noted that the system was prone to URL manipulation that allowed the retrieval of information about addresses and container conditions, both of which could amount to personally identifiable information.

Findings of the Datatilsynet

Notably, the Datatilsynet found that access controls based on 5-digit code had not provided appropriate security against attempts to adjust URLs to access the personal information of other users. Furthermore, the Datatilsynet noted that, in response to the Municipality's claim that the processing's less sensitive nature meant that the service to users/citizens exceeded potential risks to their data subject rights, such a balancing act does not challenge the fact that all personal data is worthy of protection. In this regard, the Datatilsynet further emphasised that URL manipulation is a security risk that is generally known and should have been addressed by the Municipality. As such, the Datatilsynet found the Municipality had failed to implement appropriate technical and organisational measures for personal data security in breach of Article 32(1) of the GDPR.

Outcomes

Ultimately, the Datatilsynet expressed criticism against the Municipality for failing to adhere to the requirements of Article 32(1) of the GDPR.






Source by Redazione


LSNN is an independent editor which relies on reader support. We disclose the reality of the facts, after careful observations of the contents rigorously taken from direct sources, we work in the direction of freedom of expression and for human rights , in an oppressed society that struggles more and more in differentiating. Collecting contributions allows us to continue giving reliable information that takes many hours of work. LSNN is in continuous development and offers its own platform, to give space to authors, who fully exploit its potential. Your help is also needed now more than ever!

In a world, where disinformation is the main strategy, adopted to be able to act sometimes to the detriment of human rights by increasingly reducing freedom of expression , You can make a difference by helping us to keep disclosure alive. This project was born in June 1999 and has become a real mission, which we carry out with dedication and always independently "this is a fact: we have never made use of funds or contributions of any kind, we have always self-financed every single operation and dissemination project ". Give your hard-earned cash to sites or channels that change flags every time the wind blows , LSNN is proof that you don't change flags you were born for! We have seen the birth of realities that die after a few months at most after two years. Those who continue in the nurturing reality of which there is no history, in some way contribute in taking more and more freedom of expression from people who, like You , have decided and want to live in a more ethical world, in which existing is not a right to be conquered, L or it is because you already exist and were born with these rights! The ability to distinguish and decide intelligently is a fact, which allows us to continue . An important fact is the time that «LSNN takes» and it is remarkable! Countless hours in source research and control, development, security, public relations, is the foundation of our basic and day-to-day tasks. We do not schedule releases and publications, everything happens spontaneously and at all hours of the day or night, in the instant in which the single author or whoever writes or curates the contents makes them public. LSNN has made this popular project pure love, in the direction of the right of expression and always on the side of human rights. Thanks, contribute now click here this is the wallet to contribute


Similar Articles / Denmark:... measures