EU slams Spanish data protection law again

 

The European Court of justice has once again called Spain into account over it´s data protection laws - only this time claiming that they leaned too far in favour of protecting the privacy of the subject.

The law, named the "Spanish Organic Law 15/1999 and Royal Decree 1720/2007″, only allowed the data controller to process personal data without the subject's express consent if the data was already in the public domain.

This went beyond the requirements of the EU´s Data Protection Directive, which is designed to balance the the privacy of individuals against the needs of businesses in processing information.

The Directive says that data, which at first sight seems anonymous, will become`personal data´ if a third party combined this data with other information they already had, whereby they were then able to further identify the individual in question.

However, the Data Protection Act only concerns itself with whether an individual can be identified by combining that data with other information held by the business. It has therefore been accused of not going far enough to protect the privacy of the individual.