Yesterday in Spain, the Government Department for Telecommunications and Information Society hosted an event to commemorate the 20th anniversary of the introduction of the first Spanish data protection law and also to recognize EU Data Protection Day. Information about the event, titled: “20 years of data protection in Spain” is available (in Spanish) here. The first Spanish data protection law was introduced in 1992 and remained in effect until 14, January 2000, and was titled “the Automated Processing of Personal Data Regulation Act 5/1992, of 29 October 1992.” Since 14, January 2000, the Personal Data Protection Act 15/1999, of 13 December 1999 has been in effect.
The event took place in the midst of broader EU consideration of a proposed EU-wide regulation, including the prospect of strict amendments to the proposed regulation. Spanish Minister of Justice, Alberto Ruiz-Gallardón drew significant press attention by stressing his commitment that any EU regulation be practical and balanced. In the Minister’s own words: “The single market is key to overcome the crisis, but there are certain elements [from the proposed EU regulation] which can be improved. The goal is to avert suffocating the activities of [small and medium size enterprises], and avoid stifling R&D.”
Spain has a reputation for having one of the toughest data protection regimes in Europe. It is yet to be seen whether any new EU regulation will actually result in more uniformity among EU jurisdictions and a softening of, or more strict approach when compared to Spain’s current approach.