Persónuvernd (Island) - 2021020374

Summary

The Icelandic DPA (Persónuvernd) ruled that the Directorate of Fisheries violated Article 6(1) and Article 5(1)(a) GDPR by recording a fishing vessel's crew during an inspection in March 2020. At the time, there was no explicit legal basis for such recording, as the relevant Act was amended in 2022 to allow camera use during inspections, and the DPA did not apply the amendment retroactively.

Full text

Help Persónuvernd (Island) - 2021020374: Difference between revisions From GDPRhub Jump to:navigation, search ← Older editVisualWikitext Revision as of 11:26, 3 October 2023 view sourceCo (talk | contribs)Bureaucrats, Interface administrators, noContributionReport, Administrators430 editsmTag: Visual edit← Older edit Latest revision as of 14:37, 29 May 2026 view source Ap (talk | contribs)Bureaucrats, Interface administrators, noContributionReport, Administrators661 editsm Tag: Visual edit Line 3: Line 3: |Jurisdiction=Iceland|Jurisdiction=Iceland |DPA-BG-Color=|DPA-BG-Color= |DPAlogo=|DPAlogo=LogoIS.png |DPA_Abbrevation=Persónuvernd|DPA_Abbrevation=Persónuvernd |DPA_With_Country=Persónuvernd (Island)|DPA_With_Country=Persónuvernd (Island) Latest revision as of 14:37, 29 May 2026 Persónuvernd - 2021020374 Authority: Persónuvernd (Island) Jurisdiction: Iceland Relevant Law: Article 5(1)(a) GDPR Article 6(1)(c) GDPR Type: Complaint Outcome: Upheld Started: 09.02.2021 Decided: 04.09.2023 Published: 04.09.2023 Fine: n/a Parties: n/a National Case Number/Name: 2021020374 European Case Law Identifier: n/a Appeal: n/a Original Language(s): Icelandic Original Source: Persónuvernd (in IS) Initial Contributor: co The Icelandic DPA held that the Directorate of Fisheries acted in violation of Article 6(1) GDPR and Article 5(1)(a) GDPR by recording the crew of a fishing vessel during an inspection. Contents 1 English Summary 1.1 Facts 1.2 Holding 2 Comment 3 Further Resources 4 English Machine Translation of the Decision English Summary Facts The Icelandic Directorate of Fisheries (the controller) is a public body responsible, among other things, to supervise fishing activities by fishing vessels and conduct inspections, partially without prior notification. The data subject and his employees were fishing, when they realised they were being filmed by a vessel of the Directorate of Fisheries. The data subject, as the captain of the vessel, later received a letter by the controller reprimanding the crew for unlawful fishing activities against the Icelandic law on treatment of marine stocks making reference to the recordings in question. The controller was in fact able to identify the vessel and its crew by using a powerful binoculars camera. The data subject felt that his right to privacy had been violated by the controller and thus filed a complaint with the Icelandic DPA on 9 February 2021. Holding The Icelandic DPA considered that the recording in question did not amount to electronic surveillance as defined in the Icelandic Law on Data Protection, since that requires the monitoring to be continuous or repeated on a regular basis. Still, the DPA held that all processing activities must be carried out in accordance with one of the legal bases set out in Article 6(1) GDPR and the principles of processing of Article 5(1) GDPR. The DPA specified that in order for the recording carried out by the Fisheries Directorate to be based on Article 6(1)(c) GDPR, there must be a clear provision in the law that allows for such processing to take place. In this case, the Act regulating the working of the Directorate of Fisheries, allows the Directorate to carry out inspections on fishing activities in Icelandic waters by accessing the vessels. Such Act was amended in 2022, adding a provision that explicitly allows the Directorate to use cameras for recording while carrying out its inspection duties. Yet, the monitoring in question took place in March 2020, when the above mentioned amendment had not been adopted yet. For this reason, the DPA concluded that the Act in question cannot be applied retroactively and thus at the time of the inspection, there was no legal basis for processing personal data by means of a camera under Article 6(1) GDPR. Hence, the Directorate of Fisheries had acted in violation of Article 6(1) GDPR. In addition to this, the Icelandic DPA held that since the inspection by the Directorate of Fisheries was carried out without previously informing the data subject, thus secretly, such processing should be considered in violation of the principle of transparency of processing enshrined in Article 5(1)(a) GDPR and against the provisions of Article 12 GDPR and Article 13 GDPR. Comment Share your comments here! Further Resources Share blogs or news articles here! English Machine Translation of the Decision The decision below is a machine translation of the Icelandic original. Please refer to the Icelandic original for more details. Solutions Processing of personal information by the Fisheries Agency Case no. 2021020374 4.9.2023 All processing of personal data must fall under one of the authorized provisions of the Personal Protection Act as well as be compatible with all the principles of the Personal Protection Regulation that personal data is processed in a lawful, fair and transparent manner towards the data subject. In this case, the complainant was not warned about the inspection and it was considered that the inspection by the Norwegian Fisheries Agency was carried out secretly and therefore did not comply with the transparency requirement of the privacy regulation. ---- Personal protection ruled in a case where a complaint was made about electronic monitoring by the Norwegian Fisheries Agency. More specifically, a complaint was made about the filming of an employee of the Fisheries Agency who pointed a camera with binoculars at the complainant and his employees while they were on board a fishing vessel while fishing outside the public domain. The conclusion of the Personal Protection Agency was that there was no electronic monitoring by the Norwegian Fisheries Agency, as there was no continuous or repeated monitoring. All processing of personal information must nevertheless be authorized by law, but according to the legal provisions that were in force when the said processing of personal information took place, the inspection of the Norwegian Fisheries Agency should be carried out by inspectors in person. The processing of personal information by the Norwegian Fisheries Agency was therefore not considered to be compatible with the law on personal protection and processing of personal information. Considering the changes that have taken place in the current rights and authorizations of the Norwegian Fisheries Agency for the processing of personal data, there was no reason to direct instructions to the Norwegian Fisheries Agency in the ruling. Ruling On September 4, 2023, Personal Protection issued the following ruling in case no. 2021020374: i Procedure 1. Outline of a case On February 9, 2021, Personal Protection received a complaint from [B]'s lawyer, on behalf of [A] (hereinafter the complainant), about the video recordings of the Norwegian Fisheries Agency of the fishing vessel [...]. By letter, dated On June 28, 2021, the Norwegian Fisheries Agency was invited to provide explanations regarding the complaint. The Norwegian Fisheries Agency's response letter was received by Personal Protection on July 9, 2021, together with an accompanying document. By letter, dated On October 4, 2021, the complainant was given the opportunity to comment on the explanations provided by the Norwegian Fisheries Agency. The complainant's comments were received by letter, dated October 29, 2021. When resolving the case, all the above-mentioned documents have been taken into account, although not all of them are separately explained in the following ruling. 2. Complainant's point of view The complainant bases his complaint on the fact that his privacy was violated by the filming of an employee of the Fishery Agency, who pointed a camera with a telescope at him and his employees while they were on board a fishing vessel while fishing outside the public domain. The Norwegian Fisheries Agency has referred to the video recordings in question in the agency's letter in which the ship's operator was reprimanded for violating Act no. 57/1996, on handling marine resources. Accordin

Entities