Category Archives: Spain

The Spanish data protection watchdog (AEPD) has launched a first call for companies to start adapting to the new General Data Protection Regulation (GDPR), which will take effect from 25 May 2018. GDPR represents a major change in the management and culture of personal data protection. The AEPD outlines the following key areas to prepare for implementation: 1. Consent. The GDPR sets out that consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data. This excludes the so-called tacit consent, permitted by current Spanish data protection regulations.In the AEPD's view, consent obtained prior to the GDPR's entry into force will be only lawful provided that informed consent complies with the new GDPR rules when these take effect in 2018. Thus, the AEPD recommends that entities that until now have used … Continue Reading ››
Datonomy's correspondents in Spain report on an important decision in the continuing saga of RTBF actions against Google. What's new? On 14 March 2016, the Spanish Supreme Court (Tribunal Supremo) issued an important ruling in favor of Google Spain on the right to be forgotten. The judgment held that claims concerning the right to be forgotten should be submitted directly to Google Inc in the United States. The Spanish Supreme Court's decision The Supreme Court considered that only Google Inc (headquartered in US) should be considered as a data controller, determining the purposes and means of the processing of personal data for Google Search. The Court considers that Google Spain is not involved in the processing of personal data necessary for the operation of the search engine (for instance, indexing or storing data from third-party websites), and therefore, it should not take over the claims brought by users seeking to exercise the right to … Continue Reading ››
Retailers are increasingly using facial recognition technologies to track customers in-store.  This technical innovation has positive connotations for both, retailers and customers, by targeting loyal clients and higher spenders, and improving users’ store-buying experience. However, a special emphasis should be placed on privacy issues, so as not to compromise data subjects’ fundamental right to data protection.  The Spanish Data Protection Agency (AEPD) issued some guidance on this hot topic (0328/2012 and 0392/2011).  In this post, we look at the issues retailers need to factor in order to stay on the right side of data protection law. Facial recognition systems may be considered highly invasive, since images can be captured and processed from a range of viewpoints without the knowledge of the data subject. As pointed out by the Article 29 Working Party, even when a data subject is aware that a camera is operating, there may be no … Continue Reading ››
On 15th October 2015 the Spanish Supreme Court handed down its first ruling[1] on the so-called digital “right to be forgotten" in which it states that harmful information affecting individuals without public relevance should not be accessible to Internet search engines when the news has lost relevance over time. The background of the case The decision of the Court is based on the following facts: in the 1980s two people were involved in drug-trafficking and consumption. After being arrested, they were finally convicted for drug smuggling and imprisoned. A few years ago, after having served their sentence imposed for these facts and having remade their personal, family and professional life, they found out that by typing their names in the major Internet search engines (particularly, Google and Yahoo!), the news that once was published in a newspaper (El País) now appeared among the first search results, because such newspaper had … Continue Reading ››