Dall-e

Supervisory Authorities in the European Union and Other Countries for Personal Data Protection

In accordance with Article 51 of the General Data Protection Regulation (GDPR), each Member State of the European Union is required to establish an independent Supervisory Authority. These entities play a crucial role in ensuring GDPR compliance…

Real cases of fines for cookies

Real Cases of Fines for Cookies In today’s digital environment, compliance with cookie regulations is essential to avoid significant penalties. Below is a summary of recent GDPR fines related to cookies and how to ensure your website complies…

The Equality Officer: Roles, Training and Requirements

In a context where gender equity emerges as a fundamental pillar, the figure of the equality officer positions itself as an indispensable piece within the business ecosystem. Their role extends beyond public bodies or specific projects, integrating…
Tratamientos biométricos en el ámbito laboral

Biometric Data Processing in the Workplace: the AEPD Guide

Do you know how the new AEPD guide on biometric processing in the workplace affects your company? In this article, we explain the main changes introduced by this guide. These modifications represent a radical shift in the AEPD's interpretation…

Special categories of data under the GDPR

Introduction In the digital age, the collection and processing of personal data are ubiquitous. However, some types of data, known as special categories of data or sensitive data, are particularly sensitive and require special treatment. The…

Company sanctioned for non-compliance with the Cookie Guide

In this post we will analyze a recent resolution of the Spanish Data Protection Agency (AEPD) about a company sanctioned for non-compliance with the Cookie Guide (published in July 2020) on its website. The Spanish Data Protection Agency (AEPD)…

The new US-EU Privacy Framework

The new US-EU privacy framework has arrived. On 10 July, the European Commission adopted the adequacy decision on the US-EU privacy framework. Does the new US-EU Privacy Framework comply with the adequate level of protection? The European…

Updated Guide on the Use of Cookies

The Spanish Data Protection Agency has published on 11 July 2023 the Updated Guide on the Use of Cookies. Auratech will analyse the new changes included in it, with the aim of informing the user about the importance of using cookies in accordance…

Is the end of spam calls?

What does the General Telecommunications Law ("LGT") say about "spam" calls? Is the end of spam calls? The General Communications Law ("LGT") was published on 28 June 2022. In its article 66.1.b) it mentions that end users of interpersonal…

Property agency fined for exposing images of minors

The fine imposed on a property agency for exposing images of minors has highlighted the importance of protecting the rights of minors. An individual filed a complaint with the Spanish Data Protection Agency, with the aim of highlighting the…

How can I record my employees?

Absence of the duty to inform when installing security cameras at work. How can I record my employees? On 18 May 2022, an individual filed a complaint with the Spanish Data Protection Agency against his employer. He installed video surveillance…

Face recognition in exams: Is it proportionate?

The Catalan Data Protection Authority (Autoritat Catalana de Protecció de Dades) has sanctioned the Universitat Oberta de Catalunya for collecting biometric data from its students through face recognition, in order to verify that they were…
multa a orange por fotografiar DNI de sus clientes

Orange fined for photographing customers’ ID cards

Orange fined for photographing customers' ID cards at the time of delivering packages to their homes. Specifically, it photographed the front and back of the ID card. What was the procedure? The employee of the delivery company used to…

ChatGPT. Threat or partner?

What is ChatGPT? In order to answer the question "ChatGPT. Threat or partner?"we must first know the meaning of ChatGPT. It is a natural language processing tool powered by Artificial Intelligence, which allows fluent conversations similar…

The advent of Data Clean Room

The purpose of finding a balance between Data Protection and the need to share it is an issue that is constantly in the spotlight. Digital platforms, brands... must have access to user data in order to achieve better performance as closely…

Two Valencian companies fined almost half a million euros for using pirated software

Several companies face fine for illegal software The use of unlicensed software is one of the main threats to digital security in companies. It involves security vulnerabilities for users and companies, giving rise to attempts to invade devices…

Transborder data transfers

The scope of transborder data transfers The publication of the General Data Protection Regulation (GDPR) on May 25, 2016 in the European Union, served as inspiration worldwide for the implementation of data privacy laws. Many countries,…

The risks of using free VPNs

The risks of using free VPNs are not few in number. Virtual Private Networks are services that guarantee users' privacy on the Internet. In this way, users can encrypt their connection and anonymize their browsing by allowing them to connect…
Situación de acoso laboral

Sexual harassment in the company

Sexual harassment in the company. Last October 7, Organic Law 10/2022, of September 6, on the integral guarantee of sexual freedom, came into force.  In its article 12, it contemplates the commission of crimes and other conducts against…
FUTBOL

Sanction for recording underage soccer match

In procedure PS/00313/2021, the Spanish Data Protection Agency (AEPD) has imposed a fine of €3,000 on a company specialized in recording soccer matches for capturing images of minors without prior consent from their parents. Sanction for…
correo electrónico

Sending an email without blind copy

Is it possible to send emails with addresses without blind copy? Sending an email without blind copy can involve fines.  The AEPD states that email addresses are considered personal data. Therefore, their processing must comply with data…

Lack of information on the processing of personal data

The AEPD imposes penalties to real estate companies of up to 5,000 € for not informing the interested party of the processing of their personal data. Several affected parties have filed complaints to the AEPD, in relation to the use of their…

Video surveillance cameras on public streets

Video surveillance cameras that focus on the public highway Video surveillance cameras on public streets. On January 27, 2022 an individual filed a complaint to the AEPD, due to the installation of video surveillance cameras by another individual,…
dominios web robados

How to recover a domain

In this post we will show the different ways to follow, with the aim to know how to recover a domain name   What is a web domain How to recover a domain name is the question we should ask ourselves when faced with any problem that may…

Giving bad references of a former employee can cost you €6000

Consequences of giving bad references about a former employee Fine for giving bad references. The Social Court of the TSJ of Madrid has sentenced a company to immediately cease giving bad references about a former employee to third companies…

Black Friday and Privacy Policy

Does your website comply with the Data Protection Law for Black Friday? The importance of the Privacy Policy of websites On August 26, 2022, an individual filed a complaint to the AEPD against a company for not providing sufficient information…
anteproyecto de ley

Preliminary draft of Whistleblower reporting channels.

The draft law protecting whistleblowers regulates a confidential whistleblowing channel and creates and defines the functions of a new competent authority Preliminary draft of Whistleblower reporting channels. On March 4, 2022, the preliminary…
instagram influencers

Advertising through influencers

 theInfluencers, the best tool to reach your target audience. Advertising through influencers. The widespread use of the communication strategy in social networks has allowed brands to reach the public in a very simple way through the so-called…

Cyclist fined for taking pictures of car number

A cyclist was fined for taking pictures of car number Cyclist fined for taking pictures of car number. The Bavarian Data Protection Authority (DPA) found the cyclist's action unlawful. The cyclist's aim was to send the pictures to the police…

Microsoft 365 in German schools prohibited

The use of Microsoft 365 in German schools is now prohibited. The German Federal and State Data Protection Authorities (hereinafter DSK) have prohibited the use of the Microsoft 365 pack in German schools, due to an incompatibility between the…

The DPO in the European Union

In this article we will analyse the figure of the DPO in the EU (European Union). Javier Sempere Samaniego, Data Protection Officer of the Spanish General Council of the Judicial Power, has prepared for the Spanish Professional Privacy Association…

The impact of the new Digital Markets Act (DMA)

The need to update Directive 2000/31/EC: The impact of the new Digital Markets Act (DMA). With the advent of the Internet at the end of the 20th century, the increase in digital services, businesses and platforms has had a significant impact…
Grupos whatsapp empresa

Whatsapp groups in the company

The Spanish Data Protection Agency has recently published different resolutions on the prohibition or not of using workers' phone numbers to add them in Whatsapp groups of the company. These resolutions may seem contradictory to each other,…

Obligatory whistleblower channel for companies

Obligatory whistleblower channel for companies. Following the entry into force in 2019 of EU Directive 2019/1937 on the Protection of Whistleblowers, also known as the "Whistleblowing Directive", companies are required to set up an internal…
ley de servicios digitales

Digital Services Act (DSA)

On July 5, 2022, the EU Regulation on the Digital Services Act (DSA) was approved. The aim of this Act, like the Digital Markets Act (DMA), is to implement the rules that will govern a future European digital single market. In this way,…

The ICO condened four companies for making abusive commercial calls.

The ICO condened four companies for making abusive commercial calls. These companies have paid a £370,000 fine, for making more than 800,000 abusive commercial calls to individuals.  These phone calls consisted in offering home repairs. They…