argomento: News del mese - Diritto Internazionale e Comunitario

Articoli Correlati: Spain - access to job - criminal record

The Spanish Data Protection Agency (AEPD) has imposed a fine of two million euros on the Spanish subsidiary of a multinational e-commerce company for requesting a certificate of absence of criminal offenses as a condition to work as a delivery driver for the company.The complaint was filed by the General Workers Union before the Agency in November 2019 that showed that, among the documentation required by the subsidiary, was the criminal record certificate as a requirement to access the job. According to the entity “a criminal record certificate that shows that a person (...) has no criminal convictions does not strictly speaking include any data related to criminal convictions and offenses”. In any case, the AEPD rejects this argument as it considers that the information contained in a criminal record certificate constitutes personal data. In the development of the case, the AEPD refers to the Judgment of the Social Chamber of the National Court 14/2020, of February 10, 2020, which states that “even the request for a responsible statement that one lacks a criminal record has to be considered as a processing of data relating to criminal convictions”. The processing of personal data of a criminal nature may only be carried out under the supervision of public authorities or when it is covered by a rule of Union law. Therefore, after taking into account the duration of the offense, the large number of people affected, the level of damage caused - both to the people who had access to the work and to those who did not - and the risk to their privacy to which they have been exposed, the AEPD has qualified this infringement as “very serious”. In addition to the economic sanction, the AEPD has also required the multinational to adapt the processing operations it carries out and the information it provides to data subjects to the personal data protection regulations within the period of one month.