.png)
The national commission ruled that the fine was justified based on the 225 instances in which Lisbon authorities violated the General Data Protection Regulation. The practice of data-sharing, which dates back as far as 2012 under a previous mayoral administration, became illegal after the sweeping set of data-protection laws were enacted across the European Union in 2018. Nevertheless, it continued until last year.
Lisbonâs municipal government failed to follow transparency regulations and illegally shared private data, among other infractions, the commission said.
The regulatory body added that it rejected Lisbonâs request to pay less because the $1.4-million amount had already taken into account the pandemic-induced financial strain the government was under.
A âmuch higherâ fine would have been justified due to âthe degree of censorship of [Lisbonâs] conducts and the risksâ that these organizers face, the report said. (Serious violations of GDPR can result in fines of over $22 million.)
Last summer, Lisbonâs municipal office, led by then mayor Fernando Medina, drew public criticism after it admitted that personal details of at least three dissidents organizing a local demonstration in support of the jailed Russian opposition leader Alexei Navalny were shared with Russian officials. An investigation by Medinaâs office found further breaches, and Medina apologized for what he called a âbureaucratic error.â
Ksenia Ashrafullina, one of the protest organizers affected by the leak, found out that information like her phone number and home address had been given to the Russian embassy in Portugal as well as Russiaâs foreign ministry in Moscow based on email exchanges she had with local authorities, the Associated Press reported last June.
Her private information was required to apply for permission to hold the demonstration, Ashrafullina told AP, adding that the data-sharing could put her and other Russian dissidents in danger. She did not respond to request for comment from The Washington Post early on Saturday.
Other than Russia, countries such as Cuba, Angola, Venezuela and Israel, had also received private information of protest organizers targeting them, according to Reuters.
Months after the scandal, Medina, a member of the center-left Socialist Party, was voted out of office and replaced by Carlos Moedas from the right-leaning Social Democrat Party. Medina did not immediately respond to a request for comment from The Post.
GDPR places heavy restrictions on data transfer outside the EU, allowing such a move for only around a dozen countries. A common data protection agreement used in the United States, for instance, does not adequately uphold EU privacy law, a top EU court ruled in 2020.
Lisbonâs mayorâs office said in a statement the national commissionâs decision was âa heavy legacyâ left by the former administration and the fine would cause a strain on its budget, according to Reuters.
âWe will evaluate this fine in detail and how best to protect the interests of citizens and the institution,â the office added.
English (United States) · 
Turkish (Turkey) ·