Spanish Data Protection Agency Explained

Agency Name:Spanish Data Protection Agency
Type:Department
Nativename:Agencia Española de Protección de Datos
Jurisdiction:Government of Spain
Headquarters:Madrid, Spain
Agency Type:Independent Administrative Authority

The Spanish Data Protection Agency (AEPD, Spanish; Castilian: Agencia Española de Protección de Datos) is an independent agency of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of Madrid and it extends its authority to the whole country.

Apart from the AEPD, there are regional data protection agencies. These agencies have limited access to the files of public administrations because all that information remains the responsibility of the national agency. Currently there are only two regional agencies: the Catalan Data Protection Authority and the Basque Data Protection Agency. From 1995 to 2013, there was also the Data Protection Agency of the Community of Madrid.

Legal basis and foundation

The AEPD was established by Royal Decree 428/1993 of 26 March, as amended by Organic Act 15/1999 on the Protection of Personal Data. This amendment implemented Directive 95/46/EC.[1] The agency was created in the context of the Spanish Constitution of 1978, Article 18.4, stating that "the law shall restrict the use of informatics in order to protect the honour and the personal and family privacy of Spanish citizens, as well as the full exercise of their rights" as elaborated by Organic Law 5/1992.[2]

Major activities

The AEPD is a public law authority enjoying "absolute independence from the Public Administration". It is responsible for:[3]

In response to the latter point, the AEPD advocated:

Notable cases

The AEPD has been conducting anti-spam investigations since 2004, collaborating with foreign agencies such as the United States Federal Trade Commission.[4] [5]

The AEPD has come into conflict with Google over information gathered from Wi-Fi networks as Google Street View images were taken, asserting that "it has been verified that data on the location of wifi networks, with the identification of their owners, and personal data of a diverse nature in communications, such as names and surnames, messages associated with such accounts and message services, or user codes or passwords" had been collected.[6] [7] It has also demanded the removal of approximately 90 names from search results, claiming a "right to be forgotten".[8] Google is contesting both actions.

See also

Notes and References

  1. Web site: Spain - Data Protection. Privireal.
  2. See española de 1978: 03#Art_18 Wikisource for Spanish Constitution of 1978
  3. Web site: Spanish Data Protection Agency. Spanish Data Protection Agency.
  4. Web site: FTC, Spanish Data Protection Agency Working Together to Fight Illegal Spam . FTC. 2005-02-24.
  5. Web site: INTERNET LAW - The Spanish Data Protection Agency imposes a fine on a law firm for spam. Internet Business Law Services. 2006-11-20.
  6. Web site: Spanish Data Protection Agency moving against Google. Typically Spanish. 2010-10-18.
  7. Web site: Spanish DPA opens infringement procedures for Google Streetview. EDRI. 2010-10-20.
  8. Web site: Internet 'Right to be Forgotten' debate hits Spain. Associated Press. Ciaron Giles. 2011-04-20.