The Senate has passed the law to bring Spain’s data protection framework fully in line with the GDPR.
Background: While the EU’s General Data Protection Regulation (GDPR) is an immediately valid set of rules, some provision leave member states in charge to define details of application. The Spanish law was passed by the Deputies Congress in October, and then went to the Senate for approval.
What’s new: The Senate has now approved the law, without making any amendments to the text of the Congress. One striking provision is a change to the law regulating the electoral regime (LOREG) which now allows political parties to recoup information from “web pages” to understand their concerns and reflect them in their political proposals.
Why is it important? The provision comes at a time when many countries are trying to control political advertising, as part of the effort to tackle disinformation and foreign influence. Also, it raises questions of compatibility with GDPR, seeing as it only provides for “simple and free ways” to oppose the treatment, which is essentially an opt-out mechanism. So much so, that the Spanish Data Protection Authority (AEPD) had to issue a statement specifying it will not allow profiling based on ideological, sexual, religious, or any other type of data, or targeted advertising by political parties based on profiling.