With less than a year since it officially came into force, GDPR is already starting to impact court decisions in Romania and all around Europe. In this context, R&R Partners wins legal dispute in the field of Personal Data Protection, with financial damages awarded to R&R client.
The defendant had publicly exposed the claimant’s PIN or personal identification number (in Romanian: ‘CNP’), by showing it in a public place, without the person’s consent. The CNP is a specific string of digits that belongs only to a certain individual. Therefore, it is considered sensitive personal data. The organization was first contacted and asked to cease and desist, but they refused to take the document down. Moreover, they published it again even after the claimant took matters into his own hands and removed it himself.
Immediately after the incident, the Romanian Data Protection Authorities (in Ro: “ANSDCP”) were contacted. After prolonged investigations, the authority only issued a warning for the said organization. The matter was taken further in court, were the claimant finally received not only a formal recognition that his personal data protection rights had been disrespected, but also money compensation to be paid by the losing party.
The team of lawyers working on the case emphasized the vital role personal data plays in today’s society. And that such rights cannot be disrespected, moreover now that GDPR is in force. Also, when such misuse of personal data occurs, the operator should immediately minimise the impact. In this case, however, the organization took the opposite approach, by highly disregarding all GDPR general principles.