On October 17, the Spanish data protection authority published the Guide to Privacy by Design. While Privacy by Design first became a legal requirement in the EU with implementation of the General Data Protection Regulation, it is a well-known concept among privacy professionals that dates back to the 1990s. PbD should be construed as “the need to consider privacy and the principles of data protection from the inception of any type of processing.” It is a concept focused on risk management and accountability that aims to incorporate privacy protections throughout the life cycle of systems, services, products, and processes. It involves the application of measures for privacy protection among all business processes and practices associated to personal data.
Tag Archives: Spanish Data Protection Agency
Complaints Filed with Spanish Data Protection Agency Rise by 12% in 2012
The Spanish Data Protection Agency has published its annual report for 2012. The report contains a detailed description of the activities undertaken by the Spanish DPA in 2012 together with its view of the latest trends and challenges related to data protection, including an increase in the number of complaints lodged with and monetary sanctions issued by the Agency.
Spanish Data Protection Agency Releases Guidance on Cookies Regulation
On April 26th, the Spanish Data Protection Agency (“SDPA”) issued its long-awaited guidance on the Spanish cookies regulation, which requires companies seeking to place cookies on users’ devices to obtain those users’ prior opt-in consent after providing them with clear and complete information about the use of cookies and the purposes for which data collected via cookies will be processed. The guidance, which the SDPA drafted in collaboration with industry, takes a business-oriented approach and provides companies with several alternatives for complying with the regulation’s notice and consent requirements.
Spanish Supreme Court Annuls Limitation on Processing of Personal Data
Following the advice of the Court of Justice of the European Union in its November 2011 ruling, the Spanish Supreme Court struck down certain provisions of Spain’s data protection law that it said went beyond the requirements of the EU Data Protection Directive (95/46/EC), in a ruling made public February 13, 2012.
Ground breaking modification of the Spanish laws
A decision last week by the Court of Justice of the European Union (“ECJ”) introduces an important change to Spanish data protection framework – the “legitimate interest” justification.
Social Network Impersonator Fined by Spanish Data Protection Authority In New Exercise of Regulatory Authority
On October 20th, the Spanish Data Protection Authority, the Agencia Espanola de Protecccion de Datos (AEPD), announced an unprecedented decision against an individual who impersonated someone on a social networking site and thus engaged in identity theft. The AEPD fined the individual who had created a profile in a sexually-oriented social network, and chose not to proceed against the online host of the offending content.