词条 | Ley Orgánica de Protección de Datos de Carácter Personal | |||||||||||||||||||||||||||||||||||||||
释义 |
The Organic Law 15/1999 of December 13 on Protection of Personal Data (LOPD) was Spanish organic law that guaranteed and protected the processing of personal data, public liberties, and fundamental human rights, and especially of personal and family honor and privacy. It was approved by the General Court on December 13, 1999. This law was developed based on Article 18 of the Spanish Constitution of 1978, the familiar and personal right to privacy, and the secrecy of communications. Its main objective was to regulate the treatment of data and files, of a personal nature, regardless of the support in which they are treated, the rights of citizens over them and the obligations of those who create or treat them. This law affected all data that referred to registered humans on any support, computer or otherwise. Excluded from this regulation are those data collected for domestic use, classified materials of the state and those files that collected data on Terrorism and other forms of organized crime (not simple delinquency). Based on this law, the Spanish Agency for Data Protection was created, at the state level, which ensures compliance with this Law. This act was repealed by the passage of a new data protection act, the Organic Law 3/2018 of December 5, about protection of personal data and guarantees of digital rights, to conform the Spanish legislation with the General Data Protection Regulation[1] Regulatory development
Control bodies and possible sanctionsThe body responsible for monitoring compliance with data protection regulations at Spanish territory, in general, is the Spanish Agency for Data Protection (AEPD), [2] there are other Data Protection Agencies of an autonomous nature, in Autonomous Communities of Catalonia and in Basque Country. The sanctions are divided into three groups depending on the seriousness of the act committed,[3] Spain being the country of the European Union that has the highest sanctions in terms of protection of data. These sanctions depend on the violation committed. The last company sanctioned has been the company Grupon, sanctioned by the state data protection agency, with 20 000 euros for storing the CVV codes of the Credit cards from their customers without informing them. They are divided into: {{cita|The minor penalties range from 900 to 40 000 € Serious penalti range from 40 001 a 300 000 € Very serious penalties range from 300 001 a 600 000 € }} Despite the amount of sanctions, there are many companies in Spain that have not yet adapted to it, or have done so in a partial manner or do not periodically review its adequacy; so that, maintenance and review of the adequacy carried out is essential. In the public sector, the mentioned Law also regulates the use and management of information and files with personal data used by all public administrations. The Spanish Agency for Data Protection (AEPD) was created in 1994 in accordance with the provisions of the repealed LORTAD. Its headquarters are located in Madrid, although the Autonomous Communities of Madrid, the Basque Country and Catalonia have created their own autonomous Agencies. Inspection and guardianship of Rights ProceduresSpanish Agency for Data Protection (AEPD)Year 2012In 2012 complaints filed with the AEPD, increased by 12%. The activity of the Agency has grown significantly in 2012, with an increase of 15% in the files registered and almost 40% in the resolutions issued. The allegations of identity theft, especially in the supply and commercialization of energy and water (222%) and in telecommunications (92%), have experienced a substantial increase. Of the 863 infringement decisions declared to private managers, more than 34% concluded in a warning, without imposing a penalty. On the other hand, most of the sanctions affect the telecommunications sector, which represents 73% of the total. Three of the main operators accumulate 70.94% of the total amount of fines. Year 2011In 2011, reported complaints were 51.6% higher than those filed in 2010. This increase is also reflected in the increase in declaratory resolutions of infringement of 37.7%. However, the application of the figure of the warning has determined a decrease of 14.5% in the declared economic sanctions. The sector where sanctions have increased most (64%) and have been declared to a greater extent (25.5%) and amount, (63%) is that of telecommunications. The amount of sanctions has grown by 12% compared to 2010. Year 2009In 2009 they increased by more than 75% of the complaints received, which reached the figure of 4,136, and the number of requests for protection of rights, by 58%. 709 sanctioning procedures were resolved, of which 621 ended with sanction with a total amount of 24.8 million euros. Source: Memory of the Spanish Agency for Data Protection (AEPD) for the years 2007, 2008, 2009.
Year 2008In 2008 the number of facts reported to the AEPD (together with officio investigations initiated) increased by more than 45%, reaching the value of 2362. AEPD resolved in 2008 a total of 630 sanctioning procedures, almost 58% more than in 2007, of which 535 culminated with the imposition of sanctions. The fines imposed amounted to 22.6 million euros, representing an increase of 15% over the previous year. The number of procedures solved of declarations of infraction committed by the public administrations rose in 2008 almost 20% with respect to the previous year, going from 66 to 79, of which 59 ended with a declaration of infraction. Year 2007In 2007 the Spanish Agency for Data Protection resolved 399 sanctioning procedures, increasing by 32.5% with respect to the previous year. The economic sanctions imposed by the AEPD amounted to 19 600 000 euros. Autonomous data protection agenciesYear 2007The Data Protection Agency of the Community of Madrid carried out 196 inspection procedures and 32 procedures for the protection of rights in 2007. The Basque Data Protection Agency-Datuak Babesteko Euskal Bulegoa (AVDP-DBEB), resolved 43 complaints and 18 infringement procedures in 2007.[4] Ibero-American Data Protection NetworkThe Ibero-American Data Protection Network (RIPD), since its creation in 2003, has developed an intense and fruitful work, such as the organization of ten meetings. In addition to contributing to that more than 150 million Latin American citizens currently have, along with the traditional protection of habeas data, rules that allow to effectively guarantee the use of their personal information and specialized authorities with powers to protect said guarantee. In Latin America policies are being developed for the protection of personal data. In 2012 two new laws were approved. In Nicaragua, Law No. 787 of Protection of Personal Data, of March 29, 2012 and Statutory Law No. 1581 of October 17, 2012, by which general provisions for the Protection of Personal Data are issued. In Chile, also Law 19.628, of August 28, 1999, on Protection of Private Life, is currently in the process of reviewing part of its articles. The National Assembly of Venezuela is processing the bill for the Protection of Personal Data of Habeas Data. And in Costa Rica there is already a Data Protection Agency of the Republic of Costa Rica, in compliance with the law approved in 2011. Information DutyPersonal data are classified according to their greater or lesser degree of sensitivity, being the legal requirements and computer security measures more stringent in terms of this greater degree of sensitivity, being mandatory on the other hand, in any case the declaration of the data protection files to the "Spanish Agency for Data Protection". Interested parties to which personal data are requested must be previously informed in an express, precise and unambiguous way: 1. The existence of a file or treatment of personal data, the purpose of the collection of these and the recipients of the information. 2. Of the obligatory or optional character of his answer to the questions that are posed to them. 3. The consequences of obtaining the data or the refusal to supply them. 4. Of the possibility of exercising rights of access, rectification, cancellation and opposition. 5. The identity and address of the person responsible for the treatment or, if applicable, his representative. However, the processing of personal data without having been collected directly from the affected party or interested party is permitted, although it is not exempted from the obligation to report expressly, accurately and unequivocally, by the person responsible for the file or its representative, within of the three months following the start of data processing. Exception: Communication in three months of such information will not be necessary if the data has been collected from "sources accessible to the public",[5] and are intended for advertising or commercial prospecting , in this case "in each communication addressed to the interested party, he will be informed of the origin of the data and the identity of the person responsible for the treatment, as well as the rights that assist him".
This could be a model clause of information / consent of rights protected by the LOPD: {{cita | In compliance with the Organic Law 15/1999, of December 13, Protection of Personal Data (LOPD), (replace by the name of the person responsible for the file), as the person in charge of the file, reports the following considerations:The personal data that we request, will be incorporated into a file whose purpose is (describe the purpose). The fields marked with an asterisk (or any other signal) are mandatory, being impossible to realize the expressed purpose if you do not provide this information. You are also informed of the possibility of exercising the rights of access, rectification, cancellation and opposition, of your personal data in (substitute the address to exercise the rights).}}
ConsentTypes of consentA) Unmistakable consent The treatment of personal data will require the unambiguous consent of the affected party, unless the law provides otherwise. B) Tacit Consent This will be the normal form of consent in cases where an express or express consent is not required in writing. C) Express consent Personal data referring to racial origin, health and sexual life may only be collected, processed and assigned when, for reasons of general interest, it is provided by a law or the person expressly consents. D) Express and written consent Express consent is required in writing from the affected party regarding data related to ideology, union affiliation, religion and beliefs and may only be transferred with express consent.[6] Data communicationThey have responsibility in the communication and treatment of data not only the legal persons (companies) but also freelancers, freelancers, associations, collectives and people who own a blog (bloggers) through from which data from third parties are collected to make queries and for any other transaction.[7] The personal data object of the treatment can only be communicated to a third party for the fulfillment of purposes directly related to the legitimate functions of the transferor and the transferee with the prior consent of the interested party. The consent required in the previous section will not be precise:
The consent for the communication of personal data to a third party will be void when the information provided to the interested party does not allow him to know the purpose to which the data will be destined whose communication is authorized or the type of activity of the person to whom it is sent. They intend to communicate. The consent for the communication of personal data also has a revocable nature. The one to whom the personal data are communicated is obliged, by the mere fact of the communication, to observe the provisions of this Law. If the communication is made prior to the dissociation procedure, the provisions of the previous sections will not apply. Access to the data by third parties
Criticisms and main problemsCertain aspects of the law were declared unconstitutional in November 2000 and deleted from the current text. It is considered that the increase in the creation of files and processing of personal data affects the right to protection of citizens' data; This concern was picked up by the European bodies that even ordered that January 28 be held annually on "European Data Protection Day". The celebration dates back to 2006, when the Committee of Ministers of the Council of Europe established the annual celebration of the Data Protection Day in Europe on January 28, commemorating the anniversary of the signing of Convention 108 of the Council of Europe for the protection of persons with regard to the automated processing of personal data. A very strict compliance with the regulation on data protection could slow down the normal work of a File Manager for the documentary accreditation of the information and consent principles of the LOPD; also in the opposite direction, a mere fulfillment of formal obligations, would leave the law senseless and the citizens unprotected and go against the "spirit" of the LOPD. The possibility that companies can collect data without the consent of the affected has been criticized. Certain resolutions of the AEPD [8] have been reason for controversy:
See also
Referencias1. ^{{Cite web |url=https://www.boe.es/buscar/act.php?id=BOE-A-2018-16673 |title=Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales |language=es |access-date=2018-12-09}} 2. ^[https://www.agpd.es/portalweb/index-ides-idphp.php Spanish Agency for Data Protection] 3. ^List of companies sanctioned in 2009 List of companies that are being sanctioned during the year 2009, indicating the amount imposed and the date. It also reflects the "Top 3" of the most sanctioned companies during this period, total amount in euros of all sanctions and other statistical information 4. ^Report of the basque agency 2007 5. ^defined as those "files whose consultation can be carried out, by any person, not prevented by a rule limitative or without further requirement that, where appropriate, the payment of a consideration "and" are considered as sources of public access, exclusively, the promotional census, telephone directories (...) and lists of persons belonging to groups of professionals (...) Also, the newspapers and official bulletins and the media have the character of public access sources ". "In each communication addressed to the interested party will be informed of the origin of the data and the identity of the person responsible for the treatment, as well as the rights that assist". 6. ^«The files kept by political parties, trade unions, churches are excepted , confessions or religious communities and associations, foundations and other non-profit entities, whose purpose is political, philosophical, religious or union, in terms of data relating to its members or members (... and) for the prevention or for the medical diagnosis, the provision of health care or medical treatment or the management of health services (... and) to safeguard the vital interest of the affected person or of another person, in the event that the affected person is physically or legally incapable of giving your consent. » 7. ^{{cita web| url = http://queesunpersonalshopper.com/asesoramiento-de-comunicacion/lopd/ | title = LOPD and LSSI for SMEs, freelancers, associations and blogs}} 8. ^[https://www.agpd.es/portalweb/resoluciones/procedimientos_sancionadores/index-ides-idphp.php Some resolutions of the AEPD on its website] 9. ^Data Protection fine to the PP for the 'voluntary volunteers' of the Basque lists 10. ^Data Protection fine to the PP for the "false volunteers" from the Basque lists 11. ^Beware of sending data "to a friend! Protection of Data considers that it is punishable "Recommend this page to a friend." If on your website this self-promotion formula appears, know that this option has the days counted, if you do not want to receive a fine. Data this practice violates the Law of Services of the Information Society and Electronic Commerce (LSSI), which does not foresee that you can send any mail with advertising or promotional content, if it is reflected in a Resolution of the Agency, of February 20 of 2008, in which a webpage is fined for offering the internaut The ease of sending an informative message to the email address of a family member or friend inviting the recipient to register. 12. ^The Agency of data protection against "send to a friend" Stone remains one before the sanction of the Data Protection Agency to a website with the option of "send to a friend", that mechanism which many try to get their most convinced users invite their friends and family. The information is given, among others, The economist and on the website of the Data Protection Agency you can access the resolution (in PDF format). 13. ^«La Agencia de Protección de Datos exige respetar la confidencialidad en los abortos.» La polémica en torno al aborto se desató a principios de este año. Las clínicas abortistas organizaron una huelga para protestar por las presiones recibidas por sus profesionales y por las investigaciones iniciadas en varios centros de Madrid y Barcelona por presuntos abortos irregulares... Por último, el documento establece que el acceso por parte de los órganos de inspección sanitaria será permitido cuando su finalidad sea la "comprobación de la calidad de la asistencia, el respeto de los derechos del paciente o cualquier otra obligación del centro en relación con los pacientes y usuarios o la propia Administración sanitaria". 14. ^«The Data Protection Agency demands to respect the confidentiality in abortions.» The controversy about abortion was unleashed earlier this year. The abortion clinics organized a strike to protest the pressure received by their professionals and the investigations initiated in several centers in Madrid and Barcelona for alleged irregular abortions ... Finally, the document states that access by inspection bodies sanitary will be allowed when its purpose is "checking the quality of care, respect for the rights of the patient or any other obligation of the center in relation to patients and users or the health administration itself." 15. ^«The Agency for Data Protection and apostasy.» «Data Protection paralyzes the processing of apostasy requests. Frenazo for the more than half a thousand requests for apostasy that were to be resolved in the Spanish Agency for Data Protection (AEPD), and all those that may continue to arrive: The director of the AEPD, Artemi Rallo, announced yesterday that all these requests for cancellation of data in the baptismal books are suspended until new judicial decisions confirm or move away from the judgment of the Supreme Court last September, which, for the first time, exempted the ecclesiastical hierarchy from making a note of apostasy in the baptismal books. »(It has the sentence of the TS in PDF format) 16. ^[Data Protection, new fine to a health entity] That is why the AEPD imposes a fine of 60.101,27 euros for a very serious infraction, and another for the same amount and causes the plaintiff's doctor. Very serious faults are usually punishable by fines between 300 506and601 012 euros. In this case, the agency recognizes mitigating factors such as' there was no intentionality in the commission of the infringement, there is no recidivism, and the report was requested to avoid harm to the company, since the complainant had said that she was not suffering from venous insufficiency varicose veins when he had it. ' National Court. 17. ^CURRENT PROBLEMATIC REGARDING THE PROTECTION OF PERSONAL DATA IN THE HEALTH SECTOR Is health data considered the result of "fit" or "not apt" of a worker when it is submitted to the annual medical examination of the company? Is a simple medical prescription with the name of a medicine a health fact, even if the specific disease is not reflected? Are the measurements of a person, such as the size of the foot, or for example the color of the eyes, considered health data? ... 18. ^"Data Protection fines Telefónica with 60,000 euros." The agency considered the high level of computer knowledge of the complainant proved, as well as its lucrative spirit, which "bordered on the criminal offense and notoriety of a" pirate ", according to the content of the resolution, its opinion is supported by article 9 of the Organic Law of Protection of Personal Data that establishes the principle of" data security ", imposing the obligation to adopt the measures of technical and organizational nature that guarantee their security, with the purpose of avoiding the unauthorized access In any case, the fine imposed by the regulatory agency is of "minimum amount" because it maintains that there was no intention nalidad by Telefonica. However, the company has announced its intention to file an appeal against this resolution. 19. ^"Receive unsolicited advertising calls, within the limits of the legislation." 20. ^«Fence to the 'junk calls'. The Government wants to end the unsolicited calls, with the annoying and increasingly frequent telephone spam, with ringing at the time of nap to the fixed or to the mobile to offer a change of operator, a new credit or an offer of connection to Int ernet, often produced from "private numbers" or "unknown" or local locutions or from abroad, which makes it impossible for the consumer to report it. The Ministry of Health and Consumer Affairs in collaboration with the Ministry of Justice, Economy and Industry are working on a preliminary bill to transpose a European directive that considers this practice illegal. The Government expects to enter into force before the end of the year ... "Many are also produced at the time of siesta or at night, which makes them even more annoying," adds the head of Health and Consumption. Until now these practices were not regulated in a specific way. There is a law (of 2002) that prohibits unwanted email. ( El Pais , August 2008). BibliographyTranslation of :[https://es.wikipedia.org/wiki/Ley_Org%C3%A1nica_de_Protecci%C3%B3n_de_Datos_de_Car%C3%A1cter_Personal_(Espa%C3%B1a) "LOPD in Spanish"] External links
6 : 1999 in Spain|Consumer protection law|Data laws|Medical records|Privacy law|Spanish law |
|||||||||||||||||||||||||||||||||||||||
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。