Seen at Iberian Lawyer:
The national authority for the protection of personal data has sufficient authority to order data deletion even if the data subject has not requested it. A ruling from the Court of Justice of the European Union based in Luxembourg clarifies that the European Regulation on the Protection of Personal Data empowers national authorities to safeguard privacy even if the data subject has not requested it.
The ruling comes after a preliminary ruling submitted by a Hungarian court. A municipality in the Hungarian country requested economic information from its citizens from the Treasury to grant or deny them social assistance as a result of COVID-19. The data protection authority requested the municipality to delete the data of those who had not requested assistance, but the municipality refused, arguing that there had been no request for data deletion by the data subjects.
Luxembourg resolves that even in the absence of a data subject’s request, the authority’s request is sufficient to execute deletion and adequately protect the privacy of citizens.
Read more at Iberian Lawyer.
Read the Finding: Case C- 46/23