The Spanish Constitution recognizes the right to personal privacy, secrecy of communications, and the protection of personal data (Article 18). Thus, the integrity of data is a constitutional right in Spain and in practice it is protected through the Data Protection Act (the “Act”) which incorporates the European Directives on data protection. The Act is enforced by the Spanish Data Protection Agency (“DPA”) which has extensive powers of investigation and can impose sanctions. Areas of particular vulnerability are subject to tighter security measures that include provisions related to cross-border transfers of information and unsolicited promotional information and spam.

The following questions have been addressed in this article:

What sanctions can the DPA impose?
What provisions apply to cross-border transfers?
Have there been any DPA decisions regarding cross-border transfers?


Facebook Twitter RSS