Spain

Subscribe to Spain

The Spanish Data Protection Authority (AEPD) has imposed a fine of €1.2 million against Facebook following its investigation into whether Facebook’s data processing activities were in accordance with the Spanish Data Protection Act (Law 15/1999) (the Act).

In its decision, the AEPD concluded that Facebook had committed serious breaches of the Act, as discussed further below.

Processing sensitive personal data for advertising purposes without consent

The AEPD held that Facebook did not obtain its users’ consent for the collection of their sensitive personal data in accordance with the requirements of the Act, since the consent obtained was not valid, express and in writing.

It was noted that Facebook uses the preferences of its users to profile them based on their sensitive personal data, and offer content in relation to that profile. However, Facebook did not establish a separate procedure for the treatment of sensitive personal data, as prior consent was not requested, and all personal data was used for profiling for advertising purposes by default. For example, when configuring a user’s profile, the “Basic and Contact Information” section includes options to “add your religious beliefs” and “add your political ideology”. However, no express consent is requested from Facebook regarding the use of this information for advertising purposes, nor is the user informed at any stage that their data will be used for that purpose.
Continue Reading Spanish DPA fines Facebook €1.2 million for data protection infringements

The Spanish data protection authority, the AEPD, has issued the first European cookie fine for the violation of Article 22.2 of Spain’s Information Society Services and Electronic Communications Law 34/2002 (Spanish E-Commerce Act), as amended by Royal Decree Law 13/2012 which implements the e-Privacy Directive (Directive 2002/58).

On 29 April 2013, the AEPD issued

This post was written by Cynthia O’Donoghue.

Spain’s constitutional court, the Tribunal Constitucional, made a landmark ruling in the case of Pérez González v. Alcaliber S.A. in early October, finding that companies are permitted to access and monitor employee communications via company IT resources, including emails and texts, as part of investigations into employee

The six executive committee members of the Ibero-American Data Protection Network (Network) attended the First Latin American Congress on Data Protection. The Network brings together 22 Data Protection Authorities (DPAs) from Spain, Portugal, Mexico, and a number of countries in Central and South America and the Caribbean. During the 10 years of its existence, the

The Spanish Constitutional Court has dismissed a case brought by an employee whose online communications were inspected by his employer. The opinion in the case of Ruiz Medina v. Global Sales Solutions Line (published 22 January 2013) was a noted change in the Constitutional Court’s line of judgments, which usually supports employee rights.

In 2004,

As Google continues its legal battle with the Spanish Data Protection Authority (DPA), the Spanish High Court (Audiencia Nacional) has referred several questions to the European Court of Justice (ECJ). The questions cover whether individuals have the right to demand the removal and blocking of information contained within Internet search results, even though that

In December 2012, the Spanish Data Protection Authority (SPDA) published a new set of Model Clauses prepared purely for use by service providers that subcontract to companies located in countries outside the EEA.

These new Model Clauses (based on the 2010 controller-to-processor clauses) will allow for an international transfer of personal data between a data

In the midst of discussions on Google’s revised privacy policy and its compliance with EU legislation, Spain’s highest court, the Audiencia Nacional de España, has referred a case up to the European Court of Justice (ECJ) to decide on whether Spanish citizens can lawfully demand that Google delete information about them from its search engine,