Agencia Española de Protección de Datos
   HOME

TheInfoList



Click Here for Items Related To - Agencia Española de Protección de Datos
OR:
Agencia Española de Protección de Datos on:   [Wikipedia]   [Google]   [Amazon]

The Spanish Data Protection Agency (AEPD, es, Agencia Española de Protección de Datos) is an independent agency of the
government of Spain gl, Goberno de España eu, Espainiako Gobernua , image = , caption = Logo of the Government of Spain , headerstyle = background-color: #efefef , label1 = Role , data1 = Executive power , label2 = Established , d ...
which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of
Madrid Madrid ( , ) is the capital and most populous city of Spain. The city has almost 3.4 million inhabitants and a Madrid metropolitan area, metropolitan area population of approximately 6.7 million. It is the Largest cities of the Europ ...
and it extends its authority to the whole country. Apart from the AEPD, there are regional data protection agencies. These agencies have limited access to the files of public administrations because all that information remains the responsibility of the national agency. Currently there are only two regional agencies: the Catalan Data Protection Authority and the Basque Data Protection Agency. From 1995 to 2013, there was also the Data Protection Agency of the Community of Madrid.


Legal basis and foundation

The AEPD was established by Royal Decree 428/1993 of 26 March, as amended by Organic Act 15/1999 on the Protection of Personal Data. This amendment implemented Directive 95/46/EC. The agency was created in the context of the
Spanish Constitution of 1978 The Spanish Constitution (Spanish, Asturleonese, and gl, Constitución Española; eu, Espainiako Konstituzioa; ca, Constitució Espanyola; oc, Constitucion espanhòla) is the democratic law that is supreme in the Kingdom of Spain. It was ...
, Article 18.4, stating that "the law shall restrict the use of informatics in order to protect the honour and the personal and family privacy of Spanish citizens, as well as the full exercise of their rights" as elaborated by Organic Law 5/1992.


Major activities

The AEPD is a public law authority enjoying "absolute independence from the Public Administration". It is responsible for: * Information awareness about its activities and the right to protection of personal data (including 450 interviews and 850 "impacts" on media) * Direct assistance in response to citizen queries (47,741 in 2007) * Procedures to protect rights of individuals to access, rectify, cancel, and object. Most common are processes to cancel (62%) and access (32%) * Registry of filing systems (1,017,266 total entries) * Inspection and sanction procedures (399 sanction procedures resolved with €19.6 million in fines) * Advocacy leading to Royal Decree 1720/2007 * Cooperation with international agencies and those of the
autonomous communities eu, autonomia erkidegoa ca, comunitat autònoma gl, comunidade autónoma oc, comunautat autonòma an, comunidat autonoma ast, comunidá autónoma , alt_name = , map = , category = Autonomous administra ...
of
Catalonia Catalonia (; ca, Catalunya ; Aranese Occitan: ''Catalonha'' ; es, Cataluña ) is an autonomous community of Spain, designated as a '' nationality'' by its Statute of Autonomy. Most of the territory (except the Val d'Aran) lies on the nort ...
, the Basque Country, and
Madrid Madrid ( , ) is the capital and most populous city of Spain. The city has almost 3.4 million inhabitants and a Madrid metropolitan area, metropolitan area population of approximately 6.7 million. It is the Largest cities of the Europ ...
* Evaluation of emerging risks, including personal data on the Internet, generalisation of video surveillance systems, employer monitoring of labor by video surveillance,
biometrics Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify i ...
, and Internet usage, and intensification of international data flows In response to the latter point, the AEPD advocated: * Developing procedures allowing copyright protection in a manner compatible with the fundamental right to data protection * Regulating the anonymized publication of judgements passed by Courts of Law * Regulating internal
whistleblowing A whistleblower (also written as whistle-blower or whistle blower) is a person, often an employee, who reveals information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe or fraudulent. Whi ...
systems available to workers within companies, outlining the activities in which it may be necessary to establish these systems and guaranteeing the confidentiality of those reporting and the rights of those being reported on * Development of specific public policy plans for the protection of minors on the Internet * Increased caution in order to prevent the undesirable exchange of sensitive personal data on the Internet via
P2P network Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer n ...
s * Fostering of self-regulation among the media to guarantee privacy and the protection of personal data, by encouraging more respect for the usage in relation to the data protection provisions * Citizen guideline actions regarding the use of guarantees of confidentiality for the recipients of emails * Plan for the Fostering of Good Practices in terms of guaranteeing privacy in Official Gazettes and Journals, by adopting measures that, without affecting their purpose, will limit the gathering of personal information by Internet search engines * Local Strategy aimed at conforming the installation of traffic control cameras to the provisions on the protection of personal data


Notable cases

The AEPD has been conducting
anti-spam Various anti-spam techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) as opposed to ...
investigations since 2004, collaborating with foreign agencies such as the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territori ...
Federal Trade Commission. The AEPD has come into conflict with
Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
over information gathered from
Wi-Fi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio wav ...
networks as
Google Street View Google Street View is a technology featured in Google Maps and Google Earth that provides interactive panoramas from positions along many streets in the world. It was launched in 2007 in several cities in the United States, and has since expan ...
images were taken, asserting that "it has been verified that data on the location of wifi networks, with the identification of their owners, and personal data of a diverse nature in communications, such as names and surnames, messages associated with such accounts and message services, or user codes or
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
s" had been collected. It has also demanded the removal of approximately 90 names from search results, claiming a "
right to be forgotten The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The concept has been discussed and put into practice in several jurisdiction ...
". Google is contesting both actions.


See also

* General Data Protection Regulation


References


External links

* {{Portal bar, Spain, Law Specialist law enforcement agencies of Spain Anti-spam Data protection authorities Government agencies of Spain