Fernando J. Pérez
Madrid 8 MAR 2019 - 20:40 CET
The National High Court has confirmed the administrative penalty of 40,000 euros imposed on the Assemblea Nacional Catalana (ANC) for not properly protecting the personal data of 53,818 of its affiliates and supporters, which ended up in the hands of hackers and were published on social networks in April 2014. The pro-sovereignty entity, presided over by Carme Forcadell, neglected to care about information specially protected by law, such as ideology, union affiliation and beliefs, as well as another referring to personal identity, addresses and economic and financial data. The court has also fined the ANC with 200,000 euros for violating the data protection law with the so-called Gigasurvey for the illegal consultation of November 9, 2014, a survey for which Omnium Cultural, the other large civil organization pro-independence, has already been fined.
The ruling, from the Contentious-Administrative Chamber, confirms the two fines that the Spanish Data Protection Agency imposed on the ANC. The ruling explains that, in April 2014, the entity prepared a file with data from all its associates to prepare the general assembly that was to be held in Tarragona. From this file, in September of the same year, the group calling itself Anonymous Catalonia published, in its Facebook profile, a set of data of members of the ANC, such as the numbers of associate, names and surnames, DNI, emails, types of partner and, where appropriate, debts with the entity.
The ANC, after knowing the leak, filed a complaint in which it showed that access to the data could be produced through the archive of the census of partners used to prepare the General Assembly of the month of April 2014. This file was deleted once the meeting of the highest body of the entity ended. The ANC requested from Facebook and Wikisend, the encrypted platform with which the data were transferred, the withdrawal of the illegally published files.
The lack of adequate security measures to guarantee the security of the personal data contained in the file created for the management of the ANC assembly has been proven for the judges. The web application, made available to the associates for that assembly, allowed access to the file through the DNI number, without any type of password. That lack of security measures, assures the ruling of the Court, allowed an unidentified third party to access the profile of the 53,818 registered associates at the time of access, and obtain personal data.
In the same ruling, the National High Court has confirmed another penalty of 200,000 euros for very serious infringement, which the Spanish Data Protection Agency imposed in April 2016 on the ANC - as well as on Omnium Cultural - for carrying out a survey throughout Catalonia about independence. This poll, by the way in which it was conducted and in which the data were treated, potentially allowed to personally identify supporters or those opposed to secession. The pro-sovereignty entities carried out the so-called Gigasurvey between October and November 2014, in the middle of the campaign ‘Ara es l'Hora’ (Now is the Time) for mobilization for the sovereignty consultation of November 2014, organized by the Generalitat despite the ban of the Constitutional Court.
0 comentarios:
Post a Comment