Spanish DPA Report Exposes European Challenges, Abuses

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Brett Allan King

June 22 — As Spain faces privacy challenges at the European level, the nation's data protection authority recently said that companies need to properly use personal data to avoid recurring problems, such as false contracting of services and the wrongful inclusion of customers on debtors lists.

According to the Spanish Data Protection Agency's (AEPD) annual report, a third of all consumer complaints in 2015 were for wrongful use of personal data by habitual culprits: the telecommunications, financial services and energy sectors.

Efren Santos, a partner at ICEF Consultores in Madrid, told Bloomberg BNA June 22 that the 177-page document is the same standard review the AEPD releases every year “with reports, sanctions, actions and main novelties,” though Spain faces special challenges at the European level. “The main challenge Spain will see over privacy matters is the legislative and practical adaptation of new European data privacy regulations,” he said.

Given the “especially negative” effect of undue inclusion on debtors' lists, “companies must be very cautious before communicating inexact data,” the AEPD said June 21.

The AEPD's 2015 report highlighted present and future privacy challenges at the European level. The report cited the challenges of adapting to the new EU framework, but also addressed pending issues, including coordinated action to respond to Alphabet Inc.'s new privacy policy, the European Court of Justice's October 2015 decision invalidating the U.S.-EU Safe Harbor framework (194 PRA 194, 10/7/15), Europe-wide inspections of cookie use and the inspection of cloud computing services in the education sector.

EU Challenges

The new European Union General Data Protection Regulation will replace the EU Data Protection Directive (95/46/EC) on May 25, 2018, and will apply to all EU member states (87 PRA, 5/5/16).

Albert Agustinoy, partner at the law firm Cuatrecasas, Goncalves Pereira in Barcelona, told Bloomberg BNA June 22 that “in terms of action nationally by the Data Protection Agency, this is the first year in which we have a clearly defined horizon where the whole framework that we've known is to be overhauled.”

Regarding the misuse of personal data for the erroneous contracting of services and inclusion on deadbeat lists, recent AEPD inspections of the telecommunications and health sectors for fraudulent contracting will present new challenges.

The AEPD's emphasis on improper inclusion on debtor lists is a way of embracing matters that will still be under Spanish jurisdiction even with new EU rules in full force, Agustinoy said.

“This is an area where, even with the new EU rules in force, the Spanish agency will still be the one that decides given that it's one of those tangential issues not touched on by the EU rules and, whatever regime is established, it won't be contrary to the rules,” Agustinoy said.

In addition to forward-looking statements, the annual report is primarily a review of the previous year and its enforcement record.

According to the report, there was a 15.7 percent increase in resolved complaints or requests for action (nearly 13,000) in 2015, with many of these involving video surveillance, spam, fraudulent contracts, and debt collection or inclusion on debtors' lists. It also noted a continued trend toward a decrease in the number of economic sanctions to 13.7 million euros (a 19.4 percent decrease from 17 million euros in 2014), due in part to fewer filed complains coupled with an increase in warnings leading to corrective measures to avoid sanctions.

Spain's DPA said it will continue to work with companies to bring improved data protection practices through the implementation of its 2015-2019 Strategic Plan.

To contact the reporter on this story: Brett Allan King in Madrid at

To contact the editors responsible for this story: Donald G. Aplin at ; Jimmy H. Koo at

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security