This law was developed based on Article 18 of the Spanish Constitution of 1978, the familiar and personal right to privacy, and the secrecy of communications.
The Spanish Agency for Data Protection (AEPD) was created in 1994 in accordance with the provisions of the repealed LORTAD.
The allegations of identity theft, especially in the supply and commercialization of energy and water (222%) and in telecommunications (92%), have experienced a substantial increase.
In 2009 they increased by more than 75% of the complaints received, which reached the figure of 4,136, and the number of requests for protection of rights, by 58%.
In 2007 the Spanish Agency for Data Protection resolved 399 sanctioning procedures, increasing by 32.5% with respect to the previous year.
The Basque Data Protection Agency-Datuak Babesteko Euskal Bulegoa (AVDP-DBEB), resolved 43 complaints and 18 infringement procedures in 2007.
[4] The Ibero-American Data Protection Network (RIPD), since its creation in 2003, has developed an intense and fruitful work, such as the organization of ten meetings.
In Chile, also Law 19.628, of August 28, 1999, on Protection of Private Life, is currently in the process of reviewing part of its articles.
Interested parties to which personal data are requested must be previously informed in an express, precise and unambiguous way: 1.
However, the processing of personal data without having been collected directly from the affected party or interested party is permitted, although it is not exempted from the obligation to report expressly, accurately and unequivocally, by the person responsible for the file or its representative, within of the three months following the start of data processing.
Exception: Communication in three months of such information will not be necessary if the data has been collected from "sources accessible to the public",[5] and are intended for advertising or commercial prospecting, in this case "in each communication addressed to the interested party, he will be informed of the origin of the data and the identity of the person responsible for the treatment, as well as the rights that assist him".
The fields marked with an asterisk (or any other signal) are mandatory, being impossible to realize the expressed purpose if you do not provide this information.
You are also informed of the possibility of exercising the rights of access, rectification, cancellation and opposition, of your personal data in (substitute the address to exercise the rights).A) Unmistakable consent The treatment of personal data will require the unambiguous consent of the affected party, unless the law provides otherwise.
The consent required in the previous section will not be precise: The consent for the communication of personal data to a third party will be void when the information provided to the interested party does not allow him to know the purpose to which the data will be destined whose communication is authorized or the type of activity of the person to whom it is sent.
A very strict compliance with the regulation on data protection could slow down the normal work of a File Manager for the documentary accreditation of the information and consent principles of the LOPD; also in the opposite direction, a mere fulfillment of formal obligations, would leave the law senseless and the citizens unprotected and go against the "spirit" of the LOPD.