CEDHCASELAW;COMMUNICATEDCASES;ENG
CEDH · CASELAW;COMMUNICATEDCASES;ENG — 5 septembre 2024
- ECLI
- ECLI:CEDH:001-236111
- Date
- 5 septembre 2024
- Publication
- 5 septembre 2024
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officielleCommunicated
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s800EAC49 { font-size:12pt } .s379BC09C { margin-top:36pt; margin-bottom:0pt; text-align:right } .sBB9EE52A { font-family:Arial } .s10950C61 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; text-align:justify } .s5E1364CA { margin-top:0pt; margin-bottom:12pt; text-align:center; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s339D85E6 { margin-top:0pt; margin-bottom:14pt; text-align:center; page-break-inside:avoid; page-break-after:avoid } .s665E407E { margin-top:66pt; margin-bottom:14pt; text-align:center; page-break-inside:avoid; page-break-after:avoid } .s29100277 { font-family:Arial; font-weight:bold } .sA36B60A1 { font-family:Arial; font-style:italic } Published on 23 September 2024   SECOND SECTION Application no. 35473/23 Janne Cecilie THORENFELDT against Norway lodged on 18 September 2023 communicated on 5 September 2024 SUBJECT MATTER OF THE CASE The applicant is employed by the Norwegian Labour and Welfare Administration (hereinafter “NAV”). After an accident in 2015, she was granted a work assessment allowance and consequently became a personal user of NAV. In 2018 the applicant suspected that some of her colleagues had had unauthorised access to her file containing personal information and her health data. She thus sought information from the NAV on who had accessed her case file. She received an unspecified log of entries which showed dates of access to her file and the office involved but no specific information about who had accessed her case file or why. The applicant subsequently also contacted the Data Protection Authority which concluded that the NAV had not made sufficient evaluations to determine a suitable level of security for employees’ personal data which resulted in the fact that routines and technical solutions to provide for such security had been unsatisfactory. The Data Protection Authority considered this a breach of the General Data Protection Regulation (GDPR) and the NAV was ordered to establish a suitable level of security to ensure employees’ privacy. The NAV replied to the Data Protection Authority agreeing that technical solutions had been lacking when it came to employees’ personal data, and it presented a plan for such solutions with effect as of 1   January 2020. In 2020 the applicant again requested information about who had accessed her file and obtained a log, in respect of which she sought clarifications and reasons why several persons had accessed her file. In 2021 the applicant lodged an action against the NAV seeking to obtain a declaratory judgment and complaining about a violation of her rights under the data protection legislation, including the GDPR. She also claimed non-pecuniary damages, alleging that colleagues in the NAV had had unauthorised access to her case file, which contained personal health data, and that as a result she suffered emotional distress. The domestic courts found a breach of the GDPR on account of deficiencies established in the NAV’s system for securing personal data, but did not award the applicant any damages finding that she had failed to prove that unauthorised access to her personal data had actually occurred. The applicant complains, under Article 8 of the Convention, about a violation of her right to respect for her private life by the insufficient protection of the confidentiality of her records at the NAV. She also complains, under Article   13 of the Convention, that she had no effective domestic remedy at her disposal in respect of the breach of her right to privacy. QUESTIONS TO THE PARTIES 1.     Has there been a violation of the applicant’s right to respect for her private life under Article 8 of the Convention? In particular, has the respondent State failed in its positive obligation to protect the confidentiality of the applicant’s records within the data system of the Norwegian Labour and Welfare Administration (cf. I v.   Finland , no.   20511/03, §§ 35-49, 17 July 2008)?   2.     Did the applicant have at her disposal an effective domestic remedy for her complaint under Article 8, as required by Article 13 of the Convention?Citations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;COMMUNICATEDCASES;ENG
- Date
- 5 septembre 2024
- Matière
- droits fondamentaux
Référence
ECLI:CEDH:001-236111
Données disponibles
- Texte intégral
- Résumé officiel