AEPD
   HOME

TheInfoList



Click Here for Items Related To - AEPD
OR:
AEPD on:   [Wikipedia]   [Google]   [Amazon]

The Spanish Data Protection Agency (AEPD, es, Agencia Española de Protección de Datos) is an independent
agency Agency may refer to: Organizations * Institution, governmental or others ** Advertising agency or marketing agency, a service business dedicated to creating, planning and handling advertising for its clients ** Employment agency, a business that ...
of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of Madrid and it extends its authority to the whole country. Apart from the AEPD, there are regional data protection agencies. These agencies have limited access to the files of public administrations because all that information remains the responsibility of the national agency. Currently there are only two regional agencies: the Catalan Data Protection Authority and the Basque Data Protection Agency. From 1995 to 2013, there was also the Data Protection Agency of the Community of Madrid.


Legal basis and foundation

The AEPD was established by Royal Decree 428/1993 of 26 March, as amended by Organic Act 15/1999 on the Protection of Personal Data. This amendment implemented Directive 95/46/EC. The agency was created in the context of the Spanish Constitution of 1978, Article 18.4, stating that "the law shall restrict the use of informatics in order to protect the honour and the personal and family privacy of Spanish citizens, as well as the full exercise of their rights" as elaborated by Organic Law 5/1992.


Major activities

The AEPD is a public law authority enjoying "absolute independence from the Public Administration". It is responsible for: * Information awareness about its activities and the right to protection of personal data (including 450 interviews and 850 "impacts" on media) * Direct assistance in response to citizen queries (47,741 in 2007) * Procedures to protect rights of individuals to access, rectify, cancel, and object. Most common are processes to cancel (62%) and access (32%) * Registry of filing systems (1,017,266 total entries) * Inspection and sanction procedures (399 sanction procedures resolved with €19.6 million in fines) * Advocacy leading to Royal Decree 1720/2007 * Cooperation with international agencies and those of the autonomous communities of Catalonia, the
Basque Country Basque Country may refer to: * Basque Country (autonomous community), as used in Spain ( es, País Vasco, link=no), also called , an Autonomous communities of Spain, autonomous community of Spain (shown in pink on the map) * French Basque Country o ...
, and Madrid * Evaluation of emerging risks, including personal data on the Internet, generalisation of video surveillance systems, employer monitoring of labor by video surveillance, biometrics, and Internet usage, and intensification of international data flows In response to the latter point, the AEPD advocated: * Developing procedures allowing copyright protection in a manner compatible with the fundamental right to data protection * Regulating the anonymized publication of judgements passed by Courts of Law * Regulating internal whistleblowing systems available to workers within companies, outlining the activities in which it may be necessary to establish these systems and guaranteeing the confidentiality of those reporting and the rights of those being reported on * Development of specific public policy plans for the protection of minors on the Internet * Increased caution in order to prevent the undesirable exchange of sensitive personal data on the Internet via P2P networks * Fostering of self-regulation among the media to guarantee privacy and the protection of personal data, by encouraging more respect for the usage in relation to the data protection provisions * Citizen guideline actions regarding the use of guarantees of confidentiality for the recipients of emails * Plan for the Fostering of Good Practices in terms of guaranteeing privacy in Official Gazettes and Journals, by adopting measures that, without affecting their purpose, will limit the gathering of personal information by Internet search engines * Local Strategy aimed at conforming the installation of traffic control cameras to the provisions on the protection of personal data


Notable cases

The AEPD has been conducting anti-spam investigations since 2004, collaborating with foreign agencies such as the United States
Federal Trade Commission The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) antitrust law and the promotion of consumer protection. The FTC shares jurisdiction ov ...
. The AEPD has come into conflict with Google over information gathered from Wi-Fi networks as Google Street View images were taken, asserting that "it has been verified that data on the location of wifi networks, with the identification of their owners, and personal data of a diverse nature in communications, such as names and surnames, messages associated with such accounts and message services, or user codes or passwords" had been collected. It has also demanded the removal of approximately 90 names from search results, claiming a " right to be forgotten". Google is contesting both actions.


See also

*
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...


References


External links

* {{Portal bar, Spain, Law Specialist law enforcement agencies of Spain Anti-spam Data protection authorities Government agencies of Spain