On Thursday, 22 August 2024, Austrian privacy and digital rights group NOYB announced that it had filed two complaints (here and here) with the European Data Protection Supervisor (EDPS) against the European Parliament concerning a personal data breach in Parliament's PEOPLE recruitment platform.
The breach, which was reported to the European Data Protection Supervisor (EDPS) by Parliament on 26 April, affected more than 8000 current and former employees. Personal data involved in the breach included ID cards and passports, criminal record extracts, residence documents, and sensitive data such as marriage certificates that reveal a person's sexual orientation.
In the complaint, NOYB claims that the Parliament lacked adequate security measures given the risks associated with the data being processed, an infringement of Article 33 of the EU General Data Protection Regulation (GDPR).
Furthermore, NOYB highlights that the breach indicates Parliament failed to comply with the data minimisation and storage limitation requirements under Article 4(1)(c) and (e) of the GDPR. NOYB also argues Parliament's 10-year retention period for recruitment files is particularly concerning given that these files also contain special category data under Article 9.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.