Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Andorra: APDA reprimands Andorra Government in first enforcement action
The Andorran data protection authority (APDA) announced, on June 21, 2023, that it had issued a reprimand against the Government of Andorra, for violation of Law 29/2021, of 28 October, of Personal Data Protection (the Law), following multiple complaints by citizens.
Background to the decision
In particular, the APDA noted that several citizens had notified the APDA that they had received an email advising them to renew the digital certificate issued by the Andorran Public Administration Certification Body, explaining that the email in question was signed by the Spanish company AC Camerfirma, S.A..
Findings of the APDA
Further to this, at the end of the investigation, the APDA determined that the Government of Andorra had breached the principle of transparency under the Law, by failing to inform citizens that it would transfer their personal data relating to the digital certificate in question abroad.
Nevertheless, the APDA outlined that the Government of Andorra recognized that the mass sending of emails by Camerfirma had no justification, since the contract concluded with Camerfirma did not require it to contact the data subjects. However, the APDA noted that, according to the Government of Andorra, the contract was since terminated and, therefore, it was not liable to produce new violations of the Law in the future.
Outcomes
In conclusion, the APDA issued a reprimand to the Government of Andorra, which represents the first enforcement action since the entry into force of the Law.
You can read the announcement, only available in Catalan, here.