• See other documents that cite the same legislation

España: Data Protection in Internet

I. Introduction.- II. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. II.1. Introduction. II.2. General rules on the lawfulness of the processing of personal data. II.3. Judicial remedies, liability and sanctions. II.4. Transfer of personal data to third countries. II.5. Codes of conduct. II.6. Supervisory authority and working party on the protection of individuals with regard to the processing of personal data. II.7. Community implementing measures. - III. Organic Law 15/1999 of 13 December on the Protection of Personal Data. III.1. Principles of data protection. III.2. Public and private files. III.2.1. Public files. III.2.2. Private files. III.3. International movement of data. III.4. Data Protection Agency. III.5. Infringements and sanctions. - IV. Final conclusions. - V. Bibliography.

I. Introduction.

1. As a result of the rapid development in computer technology large quantities of information relating to individuals ('personal data') are routinely collected and used by public administrations and in every sector of business.

Several Member states of the European Union have since the 1970s passed legislation protecting the fundamental rights of individuals and in particular their right to privacy from abuses resulting from the processing (for example, the collection, the use, the storage, etc.) of personal data. International institutions such as the United Nations, the Organisation for Economic Cooperation and Development (OECD) and the Council of Europe have produced legal texts addressing these issues. A Council of Europe convention (Treaty 108 of 1981) establishes the basic principles regarding the protection of individuals with regard to the processing of personal data which can be found in all data protection laws in Europe.

Data protection laws provide for a series of rights for individuals such as the right to receive certain information whenever data are collected, the right of access to the data, and if necessary, the right to have the data corrected, and the right to object to certain types of data processing. These laws generally demand good data management practices on the part of the entities that process data ('data controllers') and include a series of obligations. These include the obligation to use personal data for specified, explicit and legitimate purposes, the obligation to guarantee the security of the data against accidental or unauthorised access or manipulation and in some cases the obligation to notify a specific independent supervisory body before carrying out all or certain types of data processing operations. These laws normally provide for certain safeguards or special procedures to be applied in case of transfers of data abroad.

Although national data protection laws are to a certain extent similar, a number of differences exist between them. The level of protection guaranteed to the citizens in the Member States is not uniform (two Member States are still in the process of passing data protection laws). This situation creates potential obstacles to the free flow of information and additional burdens for economic operators and citizens, such as the need to register or be authorised to process data by supervisory authorities in several member Sates, the need to comply with different standards and the possibility to be restricted f...

If you are already a vLex customer, Access Here