Abstract
This chapter outlines the experiences of attempting to exercise one’s right of access in Spain. Using rich, ethnographic examples, this chapter tests how easy or difficult it is for a data subject based in Spain to obtain their personal data, firstly by locating the required information about organisations and their data controllers and secondly by submitting subject access requests to these organisations. The chapter reflects on the differences between public and private sector organisations in the process of responding to access requests as well as the role of the regional national Data Protection Authorities in Spain.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In the Spanish legal framework constitutional matters relating to fundamental rights and freedoms are regulated by Organic Laws, which require a parliamentary debate and an absolute majority to be approved.
- 2.
According to this principle, individuals should be informed explicitly, precisely and unequivocally of the existence of a file or processing of their data, of the purpose of the collection/file, about the recipients of the information, of the consequences of a refusal to cooperate, on how to exercise the rights of access, rectification, cancellation and opposition and on the identity and address of the data controller.
- 3.
Data can only be communicated to third parties if this is necessary for the fulfilment of the purposes related to the functions of involved parties and with the consent of the data subject. The exceptions to this consent are stated in Article 11 of the LOPD. Moreover, if third-party access is necessary in order to provide a service to the data controller, it will not be considered data communication to third parties.
- 4.
The law provides no definition of what is a legitimate purpose, but during the fieldwork of this research, we have learnt that having been a victim of crime (or abnormal behaviour) can be considered a legitimate purpose to get access to CCTV footage, for instance.
- 5.
ECJ, Google Spain SL ans Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Case C-131/12, 13 May 2013, available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=260714#Footnote*
- 6.
Art. 3. j) LOPD and 7.e) in 1720/2007 are very restrictive in their definition of ‘public source’. This means that for the AEPD a website is not a ‘publicly available source’. Only social media sites are ‘public sources’ and therefore only the data used by these sites can be used by third parties without consent.
- 7.
A registry including electoral data of all citizens made available to marketing companies.
- 8.
Article 120.1.
- 9.
Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) & Federación de Comercio Electrónico y Marketing Directo (FECEMD) v Administración del Estado, In Joined Cases C-468/10 and C-469/10.
- 10.
The SIS holds information on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost. Information is entered into the SIS by national authorities and forwarded via the Central System to all Schengen States.
References
Legislation and Case Law
Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) & Federación de Comercio Electrónico y Marketing Directo (FECEMD) v Administración del Estado, In Joined Cases C-468/10 and C-469/10, judgement available at: http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d6e187766425cd40e29e4696e11dfbf469.e34KaxiLc3qMb40Rch0SaxuOb3r0?text=&docid=115205&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=43026
Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, Case C-131/12 heard in the Grand Chamber of the European Court of Justice, judgement available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=260714#Footnote*
Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal (Spain), http://noticias.juridicas.com/base_datos/Admin/lo15-1999.html (accessed 7 October 2014)
Articles and Reports
ABC (2012) ‘Aumentan un 80 por ciento las reclamaciones por “derecho a olvido” en internet’ [Requests for the right to oblivion in internet increase in 80 %], ABC, September 29, 2012. URL: http://www.abc.es/20120925/espana/abci-derecho-olvido-internet-201209241721.html
AEPD (2002). Memoria Anual. Madrid: Agencia Española de Protección de Datos
AEPD (2003). Memoria Anual. Madrid: Agencia Española de Protección de Datos
AEPD (2007). Memoria Anual. Madrid: Agencia Española de Protección de Datos
AEPD (2008). Memoria Anual. Madrid: Agencia Española de Protección de Datos
AEPD (2011). Memoria Anual. Madrid: Agencia Española de Protección de Datos
AEPD (2012) Memoria Anual. Madrid: Agencia Española de Protección de Datos
Derecho al ol vido en Internet (2014) “Google ya aplica el derecho al olvido” [Google already applies the ‘right to oblivion’] available at http://www.derechoalolvido.eu/google-ya-aplica-el-derecho-al-olvido/, 8 July, 2014.
Galdon Clavell, G. (2010) ‘La videovigilancia va en Ómnibus’, Público, July 6, 2010, http://blogs.publico.es/civismos-incivicos/2010/07/06/la-videovigilancia-va-en-omnibus/ (accessed 7 October 2014)
Galdon Clavell, G., Zuloaga, L. and Romero, A. (2012) ‘CCTV in Spain: an empirical account of the deployment of video‐surveillance in a Southern‐European country’. Information Polity, 17(1)
Google (2014) “Search removal request under data protection law in Europe”, available at https://support.google.com/legal/contact/lr_eudpa?product=websearch&hl=en (accessed 7 October 2014)
Guerrero Zaplana, J. (2012) “Aproximación al derecho al olvido en el nuevo reglamento de protección de datos”, Foro Público, Lexnova blogs, July 17, 2012, http://publico.blogs.lexnova.es/2012/07/17/aproximacion-al-derecho-al-olvido-en-el-nuevo-reglamento-de-proteccion-de-datos/ (accessed 7 October 2014)
Mendoza, A. I. (2011) “Deudas de telecomunicaciones y registros de morosos” [Debt telecommunications and debtors’ records], working progress that can be downloaded at https://www.uclm.es/centro/cesco/pdf/trabajos/7/2011/7-2011-5.pdf (accessed 30 April 2014).
Romero, P. (2012) “Los límites del derecho al Olvido” [The limits of the right of oblivion], El Mundo, February 27, 2012. URL: http://www.elmundo.es/elmundo/2012/02/22/navegante/1329915513.html (accessed 7 October 2014)
Sampere, Fco. Javier, ‘Existen los derechos ARCO en videovigilancia?’, Privacidad Lógica, May 13, 2013. URL: http://www.privacidadlogica.es/2013/05/13/existen-los-derechos-arco-en-videovigilancia/ (accessed 7 October 2014)
Acknowledgment
The author would like to thank Dr. Liliana Arroyo for her support and assistance in this research.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Galdon-Clavell, G. (2017). Exercising Access Rights in Spain. In: Norris, C., de Hert, P., L'Hoiry, X., Galetta, A. (eds) The Unaccountable State of Surveillance. Law, Governance and Technology Series(), vol 34. Springer, Cham. https://doi.org/10.1007/978-3-319-47573-8_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-47573-8_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47571-4
Online ISBN: 978-3-319-47573-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)