Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in International/EU Privacy, News & Events

20 Years of Data Protection in Spain

AEPDYesterday in Spain, the Government Department for Telecommunications and Information Society hosted an event to commemorate the 20th anniversary of the introduction of the first Spanish data protection law and also to recognize EU Data Protection Day.  Information about the event, titled: “20 years of data protection in Spain” is available (in Spanish) here.  The first Spanish data protection law was introduced in 1992 and remained in effect until 14, January 2000, and was titled “the Automated Processing of Personal Data Regulation Act 5/1992, of 29 October 1992.”  Since 14, January 2000, the Personal Data Protection Act 15/1999, of 13 December 1999 has been in effect.

At the event, the Spanish Secretary of State for Telecommunications and Information Society, Víctor Calvo-Sotelo, appeared to issue a clear warning to Internet companies with business models based on advertising and the use of cookies when he stated:  “Freedom of information should not be achieved at the expense of a loss of control or a loss of technological freedom. This is a task for the Spanish Data Protection Agency that collides directly with certain multinational companies.”  In making the comments, he highlighted the Spanish Data Protection Agency’s power to impose penalties.

The event took place in the midst of broader EU consideration of a proposed EU-wide regulation, including the prospect of strict amendments to the proposed regulation.  Spanish Minister of Justice, Alberto Ruiz-Gallardón drew significant press attention by stressing his commitment that any EU regulation be practical and balanced.  In the Minister’s own words: “The single market is key to overcome the crisis, but there are certain elements [from the proposed EU regulation] which can be improved. The goal is to avert suffocating the activities of [small and medium size enterprises], and avoid stifling R&D.”

Spain has a reputation for having one of the toughest data protection regimes in Europe.  It is yet to be seen whether any new EU regulation will actually result in more uniformity among EU jurisdictions and a softening of, or more strict approach when compared to Spain’s current approach.