Practical guide · GDPR

Council minutes: a real AEPD case for publishing personal data

7 min read

Municipal transparency requires reporting on the decisions taken by governing bodies. However, that duty doesn't make publishable every piece of personal data appearing in the interventions, requests or files handled during a session.

The case of the Los Alcázares Town Council shows why plenary minutes must be reviewed before being disclosed on a municipal website or notice board.

What information was published?

The Council openly published the minutes of an ordinary plenary session held on 26 February 2014. They included a resident's name and surnames, a request to pay unpaid municipal taxes in instalments and the specific amounts owed.

The AEPD concluded that the disclosed data was excessive and not relevant for the purpose of informing about the local authority's activity.

Transparency doesn't require identifying the citizen

The public could learn about the matter and the decision taken without identifying the resident or disclosing their tax situation. Publicity had to be limited to necessary information.

The decision was issued under the earlier Organic Law 15/1999, but the practical criterion still applies: the minimisation principle requires avoiding the publication of data that isn't necessary for transparency.

What did the Council have to do?

The AEPD required removal of the full minutes and publication of an extract that erased the affected person's data. It also indicated that the Council should, as a general rule, anonymise personal data included in extracts of sessions, resolutions and decisions.

Official source: Case File E/01062/2016.

What data to review in council minutes

  • Names and surnames of private individuals.
  • National ID numbers and other identifiers.
  • Addresses, phone numbers and emails.
  • Tax, banking or asset information.
  • Health, disability or social service data.
  • Information about minors and family situations.
  • Licence plates, land registry references and signatures.

How to anonymise minutes before publishing them

  1. Identify the private individuals mentioned and the context of each reference.
  2. Determine which information is essential to understand the decision.
  3. Remove or replace unnecessary identifiers.
  4. Check whether other data allows indirect identification.
  5. Review annexes, signatures and incorporated documents.
  6. Validate the public version and keep it separate from the original.

How anonimIA helps

anonimIA helps prepare public versions of minutes, resolutions and administrative files with a detection, review and validation workflow.

Do you anonymise documents daily?

Stop redacting by hand. Automate it with anonimIA.

Upload your PDFs and get GDPR-compliant anonymised documents in seconds.

Try it free