LLMpediaThe first transparent, open encyclopedia generated by LLMs

Agencia Española de Protección de Datos

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: General Data Protection Regulation Hop 4
Expansion Funnel Raw 70 → Dedup 13 → NER 13 → Enqueued 13
1. Extracted70
2. After dedup13 (None)
3. After NER13 (None)
4. Enqueued13 (None)
Agencia Española de Protección de Datos
NameAgencia Española de Protección de Datos
Native nameAgencia Española de Protección de Datos
Formation1992
HeadquartersMadrid
Headquarters countrySpain
Region servedSpain

Agencia Española de Protección de Datos is the Spanish supervisory authority responsible for enforcing data protection and privacy rules in Spain, overseeing compliance with national and European legislation. It interacts with institutions such as the European Data Protection Board, the European Commission, and national ministries, and has issued decisions affecting corporations, public administrations and civil liberties. The agency's activity spans regulatory guidance, sanctions, international cooperation and advocacy before courts like the Audiencia Nacional and the Tribunal Supremo.

Historia

The agency was created following the adoption of the Ley Orgánica de Protección de Datos de 1992 and emerged in a context shaped by Spain's accession to the European Union and the evolution of the European Convention on Human Rights. Early development involved interaction with the Consejo de Europa, the Comisión Europea and national institutions such as the Cortes Generales and the Ministerio del Interior. Reforms were driven by rulings from the Tribunal de Justicia de la Unión Europea including the Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González case and the later adoption of the Reglamento General de Protección de Datos in 2016, implemented by national legislation like the Ley Orgánica 3/2018.

Funciones y competencias

The agency exercises supervisory powers under the Reglamento (UE) 2016/679 and national laws, including issuing guidance to actors such as the Banco de España, the Comisión Nacional del Mercado de Valores, the Ministerio de Justicia and municipal administrations like the Ayuntamiento de Madrid. It registers processing activities, handles complaints from citizens including those represented by bar associations like the Ilustre Colegio de Abogados de Madrid, and enforces rights such as access, rectification and erasure against companies like Google, Facebook, Twitter, Amazon (company), and telecommunications operators like Telefonica. The agency issues opinions for bodies including the Defensor del Pueblo and participates in policy dialogues with the Comisión Europea and the European Data Protection Supervisor.

Estructura y organización

The agency is led by a President and a Council that interact with parliamentary bodies such as the Congreso de los Diputados and the Senado de España, and coordinates with ministries including the Ministerio de Asuntos Económicos y Transformación Digital and the Ministerio de Política Territorial. Its internal organization comprises departments for supervision, legal affairs, technology and international relations, staffed by experts who liaise with institutions like the Centro Nacional de Inteligencia, the Instituto Nacional de Estadística and regional authorities in communities such as Catalonia and Andalusia. The agency collaborates with judicial bodies including the Audiencia Nacional and administrative courts and with academic centers such as the Universidad Complutense de Madrid and the Universidad de Barcelona.

The legal framework includes the Reglamento (UE) 2016/679 (GDPR), the Ley Orgánica 3/2018, sectoral norms such as the Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico and data-related provisions in codes like the Código Penal español. The agency issues binding decisions and guidance that reference jurisprudence from the Tribunal Supremo and the Tribunal de Justicia de la Unión Europea, and aligns with instruments from the Council of Europe and the Organisation for Economic Co-operation and Development. It also considers standards and recommendations from bodies like the European Telecommunications Standards Institute and works alongside national cybersecurity directives such as the Esquema Nacional de Seguridad.

Procedimientos y sanciones

Procedural competences include investigation initiated by complaints from individuals, referrals from public institutions like the Fiscalía General del Estado, inspections of controllers and processors such as multinational firms like Microsoft and Apple Inc., and sanctioning powers ranging from warnings to administrative fines. Decisions have been appealed before courts including the Audiencia Nacional and the Tribunal Supremo, invoking principles from the Charter of Fundamental Rights of the European Union and precedents such as the Schrems II judgment. The agency issues procedural rules that reference administrative law principles applied by the Consejo de Estado and cooperates with enforcement authorities such as the Agencia Tributaria when investigations overlap.

Cooperación internacional y participación en la UE --> ENS?

The agency is an active member of the European Data Protection Board and participates in mechanisms under the One-Stop-Shop procedure and in dialogues with the European Commission, the European Data Protection Supervisor and supervisory authorities from member states like the Commission nationale de l'informatique et des libertés (France), the Information Commissioner's Office (United Kingdom), the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Germany) and the Autoriteit Persoonsgegevens (Netherlands). It engages in bilateral cooperation with authorities such as the Florida Department of State and international organizations including the United Nations and the Organisation for Economic Co-operation and Development. Regarding the Esquema Nacional de Seguridad, the agency coordinates with cybersecurity bodies like the INCIBE on matters where data protection and security intersect.

Casos relevantes y controversias

The agency has issued high-profile decisions involving technology firms such as Google (including link removal and indexing disputes), Facebook (now Meta Platforms, Inc.), Twitter (now X), Amazon (company), and telecom operators like Vodafone. It has been cited in litigation before the Tribunal de Justicia de la Unión Europea and domestic courts including the Audiencia Nacional and the Tribunal Supremo in matters related to mass surveillance, public video surveillance deployments in cities like Madrid and Barcelona, and the balance between data protection and public safety agencies such as the Guardia Civil and the Policía Nacional. Controversies have included debates over enforcement proportionality, the scope of fines, transparency of procedures, and coordination with privacy advocates such as Amnistía Internacional and civil society organizations like the Asociación de Internautas.

Category:Data protection authorities