Publications

Garrigues

ELIGE TU PAÍS / ESCOLHA O SEU PAÍS / CHOOSE YOUR COUNTRY / WYBIERZ SWÓJ KRAJ / 选择您的国家

Data Economy, Privacy and Cybersecurity Newsletter - October 2024

Spain - 

In this newsletter, we offer the latest updates on everything related to the data economy (technology law, technological innovations, artificial intelligence, digital law, e-Commerce), privacy (data protection and related fundamental rights), and cybersecurity (information security and the protection of the networks and systems that process it). We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.

The regulatory and supervisory labyrinth in the digital agenda for Europe: rationalization proposal

Alejandro Padín

The publication of the Artificial Intelligence Act has brought a complex regulatory framework for overseeing the use of AI, with surveillance and supervisory authorities that overlap and co-exist with others in the digital economy. In its quest for efficient governance that is coherent with other regulations such as the GDPR, the European Data Protection Board (EDPB) recommends that the data protection authorities perform supervisory functions in order to avoid a dispersal of public authorities.

KEEP READING


Data protection authorities’ decisions

  • The Spanish data protection agency (AEPD) fines a bank €70,000 for providing tax information to the ex husband of the owner of financial products
  • The AEPD recalls that personal data obtained from the Industrial Property Official Gazette (BOPI) cannot be used by third parties to send advertising material
  • If rights are to be exercised all the affected personal data must be retained
  • It is prohibited for workers to clock in using facial recognition systems at public institutions
  • The AEPD fines a company for human error in the sending of employees’ pay statements
  • Fine in the millions given out by the Dutch authority to a private hire firm for an international transfer of drivers’ data to the U.S. 
  • An IP address is not sufficient proof due to the high vulnerability to cyberattacks of domestic routers
  • A channel set up for answering workers’ queries is an adequate channel for receiving right of access requests
  • Making entry to an establishment conditional on consent being given for the processing of data is an infringement of article 4.11 and article 7 of the GDPR
  • Whether an entity is data controller or data processor depends on the specific circumstances, and the parties cannot arbitrarily decide its role
  • The AEPD changes its opinion and holds that delivering a parcel to a third party should not be subject to a fine

VIEW MORE

Judgments

  • A legal guardian, with responsibility for protecting and managing the interests of a person in their care, is data controller, even if they form part of that person's inner circle
  • Associations can claim breach of the right to information on behalf of the interested party, where it is regarded as an infringement “as a result of the processing”
  • A €250,000 fine by the AEPD has been overturned, after being given out for enabling the microphone and geolocation in apps on users’ mobile pones
  • Colombia's Constitutional Court clarifies that artificial intelligence cannot replace the judge in decision making
  • The supervisory authority is not under obligation to adopt corrective measures in all cases of infringements or to impose a fine

VIEW MORE

News update

  • The EU Artificial Intelligence Regulation has been published in the Official Journal
  • The Spanish data protection agency has presented a report on the influence of addictive patterns in online services, especially on minors
  • The EDPB recommends that data protection authorities are designated as supervisory authorities of the Artificial Intelligence Regulation
  • The EDPB allows EU institutions to use generative AI systems if they are compliant with the data protection legislation
  • The AEPD issues guidelines on safe online purchasing in conjunction with the Spanish National Cybersecurity Institute (INCIBE), the Spanish Agency for Consumer Affairs, Food Safety and Nutrition (AECOSAN) and the Spanish National Police Force (Policía Nacional)
  • The OECD has published a report on regulatory approaches to artificial intelligence in finance
  • The Council of Europe has signed a Framework Convention on artificial intelligence and human rights, democracy, and the rule of law
  • The European Commission has published a document to help companies learn about their obligations in relation to the Data Act  
  • The Belgian data protection authority has published a guide on the use of artificial intelligence models and the General Data Protection Regulation  
  • The AEPD releases guidelines on obligations and responsibilities in the use of mobile digital devices at educational centers
  • Chile: Legislative step forward and impacts of the new Personal Data Law
  • Colombia: Personal data administrators using AI systems must assess the suitability and necessity of the data processing

VIEW MORE

 

 

Data Protection, Spain, European Union, LatAm, Artificial Intelligence, Digital agenda for Europe

Find a publication

Date of publication

News search engine