Thursday, July 7

The change of name of the Carranza stadium in Cádiz, denounced again for technical failures and possible identity theft

The name change of the stadium Ramón de Carranza de Cádiz is entering a loop. Since last Monday, June 14, the City Council has enabled a form on the Transparency website so that those of legal age registered in the city can choose between the eight proposals selected by the work commission after the previous stage of this process. But if the process was halted last November due to a data protection issue, now you can suffer the same fate.

The Estadio Carranza Platform was created to defend the legality of this name and has reported that Manuel Pérez Fabra, a member of it, has filed a complaint with the Cádiz City Council before the Andalusian Council for Transparency and Data Protection. The complaint that he filed in his day for the voting process of October 2020 already caused the suspension of the first vote.

This citizen requests that the pertinent agreements be issued to stop any action that, as a consequence of the so-called “process of renaming the Municipal Stadium of Cádiz”, and through data entered on its website, generate its verification in the municipal register, violating the Precepts of Organic Law 3/2018 of December 5, Protection of Personal Data and guarantee of digital rights.

The claim is based on the argument that the City Council cannot consult the data of any citizen in the register as a result of the receipt on a web page of a DNI number and a date of birth, to protect an opinion in a survey or popular vote to be protected. According to this group, the law establishes that the processing of personal data “can only be considered based on the fulfillment of a legal obligation enforceable by the person in charge, in the terms provided in article 6.1.c) of Regulation (EU) 2016/679, when as provided for by a European Union law norm or a norm with the force of law “and that will be based” on the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the person in charge when it derives from an attributed competence by a norm with the force of law “.

The Platform had already denounced on the same day June 14 that the current system technically allows supposed anonymous voters through internet searches or by the use of algorithms to enter ID and date of birth that are not their own, and eventually produce identity theft which would later be endorsed with the search for them by the City Council and the apparent verification of veracity.

The response of the City Council

The Cádiz City Council has failed to explain why technically the name change process continues to offer these cracks. José María González Kichi affirms that it was foreseen that someone could commit an irregularity and trusts the system, despite the fact that they came to vote on his behalf: “All these things are foreseen, and more than foreseen, by those who have designed the platform And if there is someone who thinks they know more than a company with extensive experience in the sector such as Telefónica, which is precisely the one that brings us to the consultation page, then report it and I make it public but I recommend that you do not commit a crime, because impersonation is a serious crime. ”

The technical department that is advising the Cádiz City Council in this case has not wanted to make statements to this medium to clarify the situation. The City Council comments on the matter that “the data protection law is covered. For that there is a data protection delegate from an external company on these issues that has been hired.”

But the process is still under suspicion because the Andalusian Council for Transparency and Data Protection is still evaluating the previous complaint and the one just presented by the Estadio Carranza Platform has joined. The claim is filed by the Platform as an extension of the one that already existed, and which is currently in the preliminary investigation phase. From the Council they will transfer the extension of the same to the data protection delegate of the City Council. After the report, the file of actions or the initiation of a sanctioning procedure against the City Council will be decided for those elements that may imply an infringement of the data protection regulations.