Spain
Rights and Duties of Data Providers/Principals 6.1. Rights and remedies Right to withdraw consent Right to grievance redressal and appeal Right to access information Right to nominate 6.2. Duties Processing of Children or Minors’ data The GDPR sets an age limit for the lawful processing of children's personal data; thus, data processing is considered lawful in Europe when the child is at least 16 years old. The GDPR grants each Member State the freedom to independently determine a lower age for obtaining a child's consent in information society services. Nevertheless, it imposes a minimum limit of 13 years old; hence, no Member State is permitted to set the minimum age for consent below 13 years old. In the case of Spain, article 7 of the Spanish DP Law has established the age at 14 years old, lowering the 16- year-old age determined under the GDPR. Despite the Spanish age limit of 14 years there is an exception when the act or legal transaction that the child wants to carry out requires the authorization of the parents or guardians, whose consent for processing must be sought. Any type https://lopez-iborabogados.com/en/
of online retail shopping would be an example of such act or legal transaction where this exception would apply.
Regulatory Authorities
8.1. Overview of relevant statutory authorities Each Member State is obliged to create their own internal authority to oversee the data protection in the country. Under article 44 of the Spanish DP Law the Spanish Data Protection Agency (“Agencia Española de Protección de Datos”, “AEPD”) is the statutory authority with jurisdiction in data protection matters in the country. AEPD stands as an independent administrative authority with nationwide jurisdiction, as outlined in Law 40/2015, dated October 1, which governs the Legal Regime of the Public Sector. The AEPD has legal personality and enjoys both public and private capacities, operates autonomously and is independent from other public authorities in the execution of its duties. Its formal link with the government is established through the Ministry of Justice. Additionally, the AEPD assumes the role of representative of all the data protection authorities within the Kingdom of Spain in front of the European Data Protection Committee.
Made with FlippingBook - PDF hosting