The Spanish Agency for Data Protection (AEPD) has imposed in the last five years a dozen fines to political parties for violating the law that protects privacy and regulates the treatment and custody of personal information. Adding the infractions committed by the PSOE and the PSC, the Socialists accumulate a greater volume of sanctions, followed by Citizens and the PP. In total, the fines processed since 2014 amount to 30,400 euros.
A good part of the sanctions of the AEPD are due to the fact that those affected have not given the "unequivocal" consent so that the parties can access their data. Others are justified for violating the article that regulates the "duty of secrecy", according to which the person in charge of a file or those who intervene in any phase of data processing are obliged to maintain professional secrecy about that information, even in the case that the owner of the file and the interested party no longer have a relationship.
These are the most frequent infractions detected by the AEPD in the last five years. In that period, the Socialists have been issued five times and accumulated penalties of 13,900 euros. Citizens has received three fines (6,300 euros) and the PP, two (4,500). The formations EH Bildu and Ara have violated the law on one occasion and have been sanctioned with 3,600 and 2,100 euros, respectively. Podemos is the only big party that has not harmed the rules on data protection at this time.
In the case of Ara the infringement is linked to a request from the agency so that both the person in charge and those in charge of processing the data will adopt measures to comply with the law, or, otherwise, they will cancel the files.
The AEPD ensures that when it comes to inspecting the activities of political parties related to data protection, it acts in the same way as with any other group if it detects that it has violated the regulations. The body can open an investigation ex officio or act on the complaint of a private individual.
It will be the data inspectors, officials assigned to the agency, those in charge of instructing the file. In order to determine the data protection violations of the matches, the same procedure is followed as if it were a complaint for receiving unwanted information or for being included in a file of defaulters.
Some sanctions imposed by the agency, such as that received by ANC by the 9-N survey and by the lack of security of the personal data of partners published by Anonymous, have been appealed before the National High Court. In this case, the Contentious-Administrative Chamber has confirmed fines of 200,000 and 40,000 euros.
In electoral periods, the agency will be especially vigilant to the activities of the parties. The law passed at the end of November with the backing of the main parliamentary groups, with the exception of Podemos, allows them to collect personal data on political opinions of voters on web pages and social networks. From this information the law authorizes them to send electoral propaganda by electronic means or instant messaging systems as usual as WhatsApp. The agency has published a circular which obliges the parties to consult previously on the data they want to discuss and to prepare a risk analysis and an impact evaluation. And it warns that when the electoral process is concluded, the parties must destroy the information gathered.