In May 2023, the Spanish Supervisory Authority (“SA”) issued a detailed guidance paper on GDPR compliance in the context of data spaces. The paper acknowledges EU and Member State level initiatives for the creation of data spaces (such as the Data Governance Act, the proposed Data Act, and the proposed European Health Data Space) and provides insight into how the SA expects companies to meet their GDPR obligations when participating in those data spaces.Continue Reading Spanish Data Protection Authority Issues Guidance on Data Spaces
AEPD
Spanish Supervisory Authority Issues Guidance on Auditing Data Processing Activities Involving Artificial Intelligence
On January 12, 2020, the Spanish Supervisory Authority (“AEPD”) issued guidance on how to audit personal data processing activities that involve Artificial Intelligence (“AI”) (available here, in Spanish). The AEPD’s guidance is directed at data controllers and processors, as well as AI developers, data protection officers (“DPO”), and auditors. The guidance aims to help ensure that products and services which incorporate AI comply with the requirements of the European Union’s (“EU”) General Data Protection Regulation (“GDPR”).
Continue Reading Spanish Supervisory Authority Issues Guidance on Auditing Data Processing Activities Involving Artificial Intelligence
The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising
On September 16, 2020, the Spanish Supervisory Authority (“AEPD”) approved a “Code of Conduct for Data Processing in Advertising” (“Code”) (see the decision approving the code here). This is the first GDPR approved Code of Conduct with an accredited monitoring body in the European Union. The Code enters into effect on November 17, 2020, two months after its approval.
Below we provide a brief FAQ about the Code.Continue Reading The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising
Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus
On March 12, 2020, the Spanish Supervisor Authority (“AEDP”) issued a statement and a report on data protection and COVID-19. The AEPD highlights that controllers processing personal data in the context of their effort to prevent COVID-19 must comply with the GDPR, the Spanish Data Protection Law and the Spanish sectorial health laws. However, the AEPD underlines that these laws do not stand in the way of addressing the challenges posed by the COVID-19 epidemic.
Continue Reading Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus
Spanish Supervisory Authority and EDPS Release Guidance on Hashing for Data Pseudonymization and Anonymization Purposes
On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.
The AEPD explains that the probability…
Continue Reading Spanish Supervisory Authority and EDPS Release Guidance on Hashing for Data Pseudonymization and Anonymization Purposes