The Office for Personal Data Protection (ÚOOÚ) issued a total of 30 fines for unsolicited commercial messages for CZK 828,000 ($39,000) last year, according to the ÚOOÚ’s annual report. The highest fine was CZK 250,000.
This marks a significant improvement compared to 2021 when 30 fines were also issued in this area, but the total amount was as high as CZK 2.9m, and the highest fine was CZK 600,000. The chairman of ÚOOÚ, Jiří Kaucký, pointed out that there is often a lack of sufficient technical knowledge in public administration on how to handle personal data in information and communication systems, what algorithms are being processed, where they are being transferred and who can obtain and use them without problems.
According to the annual report, ÚOOÚ had to deal with the Movement for the Freedom of Animals (PES) case, which published the addresses of some MPs who voted for the pandemic law amendment. This step allegedly violated European privacy rules, and ÚOOÚ initiated administrative proceedings against the movement.
However, the outcome of this proceeding was not published in the annual report. The office also discovered security breaches by an online reservation system provider for coronavirus vaccination. This allowed the display of an insurance number, which could lead to the publication of a personal identification number.
Additionally, the report stated that the Ministry of the Interior was fined approximately CZK 1m for the unauthorized processing of personal health data of people who were ordered to be isolated due to coronavirus. The police defended their actions as necessary to help protect public health, but the ministry was fined instead of the national police because it has no legal personality. This matter will have to be discussed by the Senate.
The annual report also mentioned that ÚOOÚ dealt with the issue of camera systems in hospitals and the processing of personal data by court bailiffs. According to the yearly report, ÚOOÚ received 2,200 requests for advice and consultation and 2,155 requests for processing subjective data complaints from individuals in 2022. Overall, the annual report highlights the challenges facing public authorities, businesses, and individuals when protecting personal data in the digital age.