The political group claims that the local government provided personal information of staff at municipal nursery schools to concessionary companies without applying necessary anonymization protocols. According to the filed complaint, the data was shared during the processing of administrative appeals filed by staff against contract management extensions.
The document states that the files included sensitive information such as full names, ID numbers, and home addresses. By forwarding these appeals to the contracting companies, which act as direct employers, the individual identification of the signatories was allegedly enabled, which the complaint claims has led to workplace pressure on the employees.
The complaint argues that the processing of this information by Madrid City Council exceeded the purpose for which it was initially collected, which was solely to verify the legitimacy of those filing the appeals. It is noted that the administration should have guaranteed confidentiality and the data minimization principle before transferring the documentation to third parties.
Given this situation, the Spanish Data Protection Agency has been requested to open an investigation to clarify the events. The request includes an analysis of the access mechanisms to administrative files and the security measures implemented to prevent unauthorized communication of personal information.
