Spain: AEPD issues guidance on technologies and data protection for public administration
The Spanish data protection authority ('AEPD') issued, on 19 November 2020, guidance on technologies and data protection for public administration ('AA.PP'). In particular, the AEPD noted that the guidance was mainly aimed at data protection delegates of the AA.PP and those public employees in charge of promoting, managing, and using these technologies in public administration. However, the AEPD stated that the content may be useful to a wider audience, such as managers of private companies who could act as managers or developers for the AA.PP. In addition, the guidance notes that public managers, who carry out the processing of personal data, have the obligation to comply with data protection legislation, including having to apply the technical and organisational security measures that are necessary for the circumstance, the rights of citizens to transparency, as well as the rest of the processing principles as required by the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Lastly, the guidance includes sections on cookies and other tracking technologies, cloud computing, and social networks.