HOME

TheInfoList



Click Here for Items Related To - Spanish Data Protection Agency
OR:
Spanish Data Protection Agency on:   [Wikipedia]   [Google]   [Amazon]

The Spanish Data Protection Agency (AEPD, ) is an independent agency of the
government of Spain The government of Spain () is the central government which leads the executive branch and the General State Administration of the Kingdom of Spain. The Government consists of the Prime Minister and the Ministers; the prime minister has the ...
which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of
Madrid Madrid ( ; ) is the capital and List of largest cities in Spain, most populous municipality of Spain. It has almost 3.5 million inhabitants and a Madrid metropolitan area, metropolitan area population of approximately 7 million. It i ...
and it extends its authority to the whole country. Apart from the AEPD, there are regional data protection agencies. These agencies have limited access to the files of public administrations because all that information remains the responsibility of the national agency. Currently there are only two regional agencies: the Catalan Data Protection Authority and the Basque Data Protection Agency. From 1995 to 2013, there was also the Data Protection Agency of the Community of Madrid.


Legal basis and foundation

The AEPD was established by Royal Decree 428/1993 of 26 March, as amended by Organic Act 15/1999 on the Protection of Personal Data. This amendment implemented Directive 95/46/EC. The agency was created in the context of the
Spanish Constitution of 1978 The Spanish Constitution () is the supreme law of the Kingdom of Spain. It was enacted after its approval in 1978 in a constitutional referendum; it represents the culmination of the Spanish transition to democracy. The current version was a ...
, Article 18.4, stating that "the law shall restrict the use of informatics in order to protect the honour and the personal and family privacy of Spanish citizens, as well as the full exercise of their rights" as elaborated by Organic Law 5/1992.


Major activities

The AEPD is a public law authority enjoying "absolute independence from the Public Administration". It is responsible for: * Information awareness about its activities and the right to protection of personal data (including 450 interviews and 850 "impacts" on media) * Direct assistance in response to citizen queries (47,741 in 2007) * Procedures to protect rights of individuals to access, rectify, cancel, and object. Most common are processes to cancel (62%) and access (32%) * Registry of filing systems (1,017,266 total entries) * Inspection and sanction procedures (399 sanction procedures resolved with €19.6 million in fines) * Advocacy leading to Royal Decree 1720/2007 * Cooperation with international agencies and those of the
autonomous communities The autonomous communities () are the first-level administrative divisions of Spain, created in accordance with the Spanish Constitution of 1978, with the aim of guaranteeing limited autonomy to the nationalities and regions that make up Spa ...
of
Catalonia Catalonia is an autonomous community of Spain, designated as a ''nationalities and regions of Spain, nationality'' by its Statute of Autonomy of Catalonia of 2006, Statute of Autonomy. Most of its territory (except the Val d'Aran) is situate ...
, the Basque Country, and
Madrid Madrid ( ; ) is the capital and List of largest cities in Spain, most populous municipality of Spain. It has almost 3.5 million inhabitants and a Madrid metropolitan area, metropolitan area population of approximately 7 million. It i ...
* Evaluation of emerging risks, including personal data on the Internet, generalisation of video surveillance systems, employer monitoring of labor by video surveillance,
biometrics Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used t ...
, and Internet usage, and intensification of international data flows In response to the latter point, the AEPD advocated: * Developing procedures allowing copyright protection in a manner compatible with the fundamental right to data protection * Regulating the anonymized publication of judgements passed by Courts of Law * Regulating internal
whistleblowing Whistleblowing (also whistle-blowing or whistle blowing) is the activity of a person, often an employee, revealing information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe, unethical or ...
systems available to workers within companies, outlining the activities in which it may be necessary to establish these systems and guaranteeing the confidentiality of those reporting and the rights of those being reported on * Development of specific public policy plans for the protection of minors on the Internet * Increased caution in order to prevent the undesirable exchange of sensitive personal data on the Internet via
P2P network Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of Node ...
s * Fostering of self-regulation among the media to guarantee privacy and the protection of personal data, by encouraging more respect for the usage in relation to the data protection provisions * Citizen guideline actions regarding the use of guarantees of confidentiality for the recipients of emails * Plan for the Fostering of Good Practices in terms of guaranteeing privacy in Official Gazettes and Journals, by adopting measures that, without affecting their purpose, will limit the gathering of personal information by Internet search engines * Local Strategy aimed at conforming the installation of traffic control cameras to the provisions on the protection of personal data


Notable cases

The AEPD has been conducting
anti-spam Various anti-spam techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email ( false positives) as opposed ...
investigations since 2004, collaborating with foreign agencies such as the
United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
Federal Trade Commission The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) United States antitrust law, antitrust law and the promotion of consumer protection. It ...
. The AEPD has come into conflict with
Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
over information gathered from
Wi-Fi Wi-Fi () is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for Wireless LAN, local area networking of devices and Internet access, allowing nearby digital devices to exchange data by ...
networks as
Google Street View Google Street View is a technology featured in Google Maps and Google Earth that provides interactive panoramas from positions along many streets in the world. It was launched in 2007 in several cities in the United States, and has since expa ...
images were taken, asserting that "it has been verified that data on the location of wifi networks, with the identification of their owners, and personal data of a diverse nature in communications, such as names and surnames, messages associated with such accounts and message services, or user codes or
password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
s" had been collected. It has also demanded the removal of approximately 90 names from search results, claiming a "
right to be forgotten The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories in some circumstances. The issue has arisen from desires of individuals to "determine the developmen ...
". Google is contesting both actions.


See also

*
General Data Protection Regulation The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...


References


External links

* {{Portal bar, Spain, Law Specialist law enforcement agencies of Spain Anti-spam Data protection authorities Government agencies of Spain