The Spanish Data Protection Agency (AEPD) has imposed a fine of 2,000 euros on a community of owners due to the conduct of its president, who recorded a neighbor and unlawfully shared the images obtained from the video surveillance system via WhatsApp. These images were accompanied by derogatory comments from other neighbors.

The incident occurred when recordings were made using the video surveillance system, capturing images of the neighbor in question, who subsequently filed a complaint with the AEPD. These recordings took place in the common access/exit area of the community and the images were distributed via WhatsApp. The president of the community accessed the room where the video surveillance system was located without a justified cause.

The AEPD considers that the community of owners bears the responsibility of "responsible for the processing" of the images, regardless of the fact that the president has accessed them without a justified reason. In other words, the responsibility falls on the whole community of owners, since many neighbors were aware of the situation, as evidenced by the dissemination of the images through a well-known messaging system used exclusively by the same neighbors.

In addition, the AEPD maintains that the installation of surveillance cameras is the responsibility of the community of neighbors as a whole and not exclusively of the president, who acts merely as a representative. The agency emphasizes that "the management of the president(a) and other positions of the community can have legal consequences if not diligently carried out, including if decisions or behaviors are adopted that may be inappropriate for the community of owners using their position and authority".

In conclusion, the AEPD determines that there has been an illegal access to the images captured by the video surveillance system installed, which correspond to a community space and were accessed and disseminated without a valid justification through social networks. Therefore, it considers that these facts constitute an infringement for violation of Article 5.1 letter f) of the General Data Protection Regulation (GDPR), and therefore, imposes a fine of 2,000 euros to the community of owners.

‍