“The Spanish Agencia Española de Protección de Datos – AEPD has launched the DIGITAL PACT FOR THE PROTECTION OF PEOPLE , an initiative that aims to promote a firm commitment to privacy in the sustainability policies and business models of organizations”

“Among the principles that are collected is to promote transparency so that citizens know

Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the Internet that monitor and/or act on vital signs, biometric data, and health indicators (e.g. physical activity, sleep quality, and sports activity).

IoB devices include external,

After a number of data protection authorities issued statements demonstrating differing approaches to cross-border transfers to the U.S. in the wake of the Court of Justice of the European Union’s decision in Schrems II (e.g. several of the German DPAs), the Spanish data protection authority Agencia Española Proteción Datos (AEPD) stressed the importance of a

Coronavirus and GDPR , the Spanish AEPD weighs in:

  • Data protection should not be used to hinder or limit the effectiveness of the measures taken by authorities in the fight against the pandemic.
  • Consent may not be required. Appropriate legal bases for the processing of personal data for the control of epidemics and their spread,

The Spanish AEPD has published guidelines on patient health data protection.

The guidelines track the requirements of GDPR as applicable to patient data including the obligation to provide adequate disclosure under Article 12 and data subject rights.

Key Takeaways

  • In the field of health care the right to suppression of clinical history data is very

Latin American Data Protection Authorities and the Spanish Data Protection Authority have issued a joint statement on data processing and Artificial Intelligence.

Key recommendations:

1. Comply with local regulations on the treatment of personal data.

2. Conduct a data protection impact assessment.

3. Embed privacy, ethics, and security by design and by default.

4. Operationalize

On the heels of the Planet49 decision, the Spanish data protection authority AEPD has fined Vueling Airlines €30,000 (reduced to €18,000 for payment in full) for failure to provide a compliant cookie disclosure/consent under GDPR.

Key takeaways (pertaining to cookies that require consent under GDPR):

  • You need to provide the individual with the ability to

The Spanish AEPD has published a “white list” of data processing operations that DO NOT require a Data Protection Impact Assessment (DPIA) under GDPR:

  • Processing carried out under guidelines previously established or authorized by the DPA
  • Processing carried out under the guidelines of an approved code of conduct
  • Processing necessary to comply with a legal