Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues


Law 11/2007 of 22 June 2007 about e-government services1 regulates the possibility for citizens not to have to provide personal data or documents other than in an electronic way. The law indeed mandates that in the national, regional, and city administrations all administrative procedures be implemented as electronic services before 31 December 2009.

The Law 11/2007 was further detailed in three royal decrees: Royal Decree 1671/2009 of 6 November 2009,2 Royal Decree 3/2010 of 8 January 2010 about the National Security Structure of Electronic Services,3 and Royal Decree 4/2010 of 8 January 2010 about the National Interoperability Structure of Electronic Services.4

The APDCM published Recommendation 3/2008 about the use of electronic services by public institutions of the Region of Madrid5 (content of privacy policies, use of intranets, etc.).

Open government

Law 37/2007 of 16 November 2007 about the Reuse of Information of Public Administrations6 regulates the possibility to reuse public information but free of personal data.

Other developments

In May 2008, a Tele5 TV documentary revealed that many of the court records that individuals entrust to Spanish judicial authorities and that contain sensitive personal data (psychological profiles, financial, employment, medical, and criminal records) are not stored, disclosed or destroyed in compliance with the LOPD. The AEPD declared that the judicial system lacked a uniform set of security measures, and that the problem was widespread among Spanish jurisdictions. One of the problems this scandal brought to light is the impossibility for the AEPD to take any sanction against the state administration and its employees, giving it the only option to declare that there is a violation of the LOPD.7

Non-government organisations' advocacy work

There is nothing to report under this section.

International obligations and International cooperation

Spain ratified the Universal Declaration of Human Rights of 1948,8 and on 27 April 1977, ratified the International Covenant on Civil and Political Rights.9 Spain is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108).10 It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.11 In November 2001, Spain signed the CoE Convention on Cybercrime,12 and on 3 June 2010, ratified it. It is a member of the Organisation for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Spain is also member of the Iberoamerican Data Protection Network.13