A Kinder, Gentler Spanish Data Protection Authority?

Eric Packel
BakerHostetler
Contact
LinkedIn
Facebook
X
Send
Embed

As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented the EU’s Data Protection Directive 95/46/EC.

The new director at the helm of the AEPD, for a four-year term, is Mar España Martí. In what may be a change in tone at the AEPD, Martí acknowledged upon taking office that the perception of the AEPD was that it was a sanctioning body. Martí stated that the AEPD needed to engage more with public and private stakeholders to foster a respect for privacy. Martí said that she will be aiming to establish the appropriate balance between the right to privacy and the demands for information.

Martí could potentially be signaling a shift at the AEPD away from what has been perceived as a policy of heavy-handed fines. The AEPD has one of the most stringent penalty systems in the entire EU, with fines of up to €600,000 per privacy violation, depending on the severity of the privacy compliance matter.

In 2013, the AEPD fined Google €900,000 ($1.24 million) for what it considered three separate violations of the LOPD: gathering data on users, combining the data through various services, and keeping the data without the knowledge or consent of the users. In 2012 (the last year with complete data), the AEPD handled close to 900 sanctions proceedings, imposing fines totaling €21,054,656. More recently, in March 2015, the AEPD fined Orange, a Spanish mobile and broadband provider, €50,000. The fines related to the transferring of a customer’s personal information to a list of bad debtors, even though the customer’s service had been cancelled.

Whether the new AEPD director will in fact seek to rein in the investigations and fines issued by the AEPD remains to be seen. In the meantime, businesses that process personal data related to Spanish citizens should continue to remain mindful of the requirements of the LOPD.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:

BakerHostetler
BakerHostetler
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide