According to the newspaper "El País", the Spanish data protection supervisory authority has discontinued an ex officio procedure.
Last year, it became known that an unredacted version of an abuse report had been publicly available on the website of the Bishops' Conference for at least 18 days.
As a result, personal information and detailed reports on offences relating to a total of 45 victims were published.
The data protection supervisory authority reportedly established that this was the case.
The newspaper has received a decision from the data protection supervisory authority.
According to the information, it states that the Bishops' Conference "recognised the existence of a personal data breach and took the necessary countermeasures with great speed to ensure the removal of the published information and to correct the aforementioned personal data breach".
Therefore, the imposition of a sanction was not appropriate.
Disagreements about scope and handling
According to the newspaper's research, however, the data had been publicly accessible for longer than the authorities had assumed.
"El País" had also informed the data protection authority about the incident. Seven people affected had also complained to the authority, forcing it to take ex officio action.
At the time, the supervisory authority told the newspaper that the Bishops' Conference had not reported the data breach.
Furthermore, those affected had not been informed by the Bishops' Conference.
Data protection law provides for both.
The case is also before the Spanish courts.
Last year, nine affected parties filed a lawsuit against the Spanish Bishops' Conference for the data protection breach.
The current status of the proceedings is not known.