The pre-draft bill (Draft Bill) on Spanish Organic Law for the Protection of Minors in Digital Environments has been adopted and is currently open for public comments until 28 June 2024. Although still in its early stages,...more
The Spanish Data Protection Agency ("Spanish DPA") has recently published on its blog guidance on the assessment of human intervention in automated decisions. Evaluating the degree of human intervention has become a critical...more
La Agencia Española de Protección de Datos (AEPD) ha publicado un nuevo informe sobre los sistemas internos de información en el contexto de la Ley 2/2023 de 20 de febrero, reguladora de la protección de las personas que...more
Following NOYB's filing of 101 complaints over continuous EU-U.S. data transfers by websites operators in the European Economic Area (EEA) in the post-Schrems II era, the Spanish Data Protection Agency (AEPD) issued its first...more
The Spanish Data Protection Agency (Spanish DPA) has published guidance on age verification and protection of minors from inappropriate content. After a year of sanctions to adult content service providers, the Spanish DPA...more
A new EU General Court ruling has nuanced the threshold between pseudonymous and anonymous data. In particular, it clarifies that supervisory authorities need to carry out a “test” to assess whether data can be deemed...more
The Spanish Data Protection Authority has opened a public consultation process to obtain comments for an incoming decision establishing the rules for commercial communications via telephone. This decision will be binding upon...more
Some weeks ago, we described the highlights of the new "Code of Conduct on the processing of personal data in the field of clinical trials and other clinical research as well as pharmacovigilance" (CoC) and the impact on data...more
Last week we raised our hands to inform you about the Spanish Data Protection Authority’s approval of the "Code of Conduct on the processing of personal data in the field of clinical trials and other clinical research as well...more
3/10/2022
/ Clinical Trials ,
Code of Conduct ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Research and Development ,
Spain
As it has been said countless times, you have to know the past to face the future. While not that epic, focusing on what has happened in the Spanish data protection environment during the last year is an interesting starting...more
The Spanish Data Protection Agency (“Spanish DPA”) decided to start 2021 the same way it ended 2020: by imposing the highest fines to date (EUR 5,000,000 and 6,000,000) to two large Spanish financial entities. ...more
3/11/2021
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
Financial Institutions ,
Fines ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information ,
Spain
This is the time of the year in which we look back to what has happened during the last 12 months and try to get ready for what is to come. This can be done in many ways, although one of the most common practices is to rely...more
Aunque los conceptos de responsable y encargado del tratamiento han sido ampliamente estudiados y analizados en el pasado, el Comité Europeo de Protección de Datos ha publicado recientemente una guía en la que, además de...more
Nadie puede ignorar la importancia de las redes sociales hoy en día. A nivel usuario, se han erigido como uno de los principales canales de comunicación y pilar de las nuevas (o no tan nuevas) generaciones, y a nivel de...more
Last November, the Spanish Data Protection Authority (Spanish DPA) published its new Guidelines on the Use of Cookies within the framework of the GDPR and Spanish E-privacy rules. ...more
7/31/2020
/ Cookies ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
Spain
Does the GDPR really apply to my company? From a data protection standpoint, this is the first thing that comes to mind within non-EU companies. In many cases, the GDPR seems like an issue of the Old Continent, so some assume...more
12/31/2019
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
On October 17, the Spanish data protection authority (AEPD) published the Guide to Privacy by Design (Guide). While Privacy by Design (PbD) first became a legal requirement in the EU with implementation of the General Data...more
11/7/2019
/ Cybersecurity ,
Data Management ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Spain ,
Transparency