Limerick City and County Council

Description

The Irish DPA has fined Limerick City and County Council EUR 110,000. As part of an investigation, the DPA conducted an audit of the processing of personal data by the council or on its behalf using video surveillance systems, automatic license plate recognition, body-worn cameras and other technologies that can be used to monitor individuals. In doing so, it found that the Council had violated a number of data protection laws in its use of the technologies. However, the fine was issued due to GDPR violations. The DPA found that the Council violated Art. 13 GDPR in relation to the processing of data by traffic cameras. The Council had failed to provide information on the identity of the data controller, the contact details of the data protection officer, the purposes of the processing and the bodies from which further information required under Art. 13 GDPR may be obtained. In addition, the Council failed to provide this information in an easily accessible manner such as on signs near the cameras. Further, the DPA concluded that the Council failed to post a video surveillance policy in an clear and plain language as well as in an easily accessible area of the Council's website. The DPA thus found an infringement of Art. 12 GDPR. Lastly, the Council has denied requests for access to personal data processed by surveillance cameras used in traffic management. For this reason, the DPA found that the Council violated Art. 15 GDPR.