3. The Lack of Enforcement of Article 85 in Spain – The Lack of Protection of Freedom of Information in the Data Protection Act
25 February, 2020

3. The Lack of Enforcement of Article 85 in Spain – The Lack of Protection of Freedom of Information in the Data Protection Act

← Back to the top of the Report


 

3 – THE LACK OF ENFORCEMENT OF ARTICLE 85 IN SPAIN – THE LACK OF PROTECTION OF FREEDOM OF INFORMATION IN THE DATA PROTECTION ACT
 

 

THE LACK OF ENFORCEMENT OF ARTICLE 85 IN SPAIN – THE LACK OF PROTECTION OF FREEDOM OF INFORMATION IN THE DATA PROTECTION ACT

The European General Data Protection Regulation obliges States to reconcile the right to data protection with other fundamental rights, such as freedom of expression and information.

Xnet, during the drafting of the Organic Law on Data Protection and the Guarantee of Digital Rights, passed in December 2018, made proposals in several meetings with the legislator to reconcile the boundaries between these rights. None of the proposals was accepted with a motivation, which we cannot share: “this is a court matter”. We consider this approach to be a dangerous one as it implies that the rights to freedom of expression and information are guaranteed only to those who can afford to litigate. We would rather establish a legal framework where it is possible to exercise these rights with greater legal certainty.

In Spain, there has not yet been a case that massively demonstrates this asymmetry and negative impact on fundamental rights, but we can provide some symptomatic examples.

First example: Xnet, in its anti-corruption activities, is aware of the frequency with which, in corruption cases, the corrupt claim the right to the protection of their data in order to invalidate evidence(1,2,3). One well-known case is that of the Spanish People’s Party (Partido Popular), that justified the destruction of hard disks possibly related to the Bárcenas case claiming data protection(4). To this effect, see also the chapter on the “Right to record abuses” of this report.
Another example. As Xnet warned, Tthe consequences of this omission have already been highlighted in the academic field when, after a petition via the Data Protection Act, the University of Alicante decided to remove from the search results of search engines such as Google the name of Antonio Luis Baena Tocón, an officer in Franco’s army who served as legal secretary in one of the military councils that led to sentenced the poet Miguel Hernández to death, and whose name appeared in several texts signed by university professor Juan Antonio Ríos Carratalá. In the end, the University rectified and decided not to eliminate the search results after deeming the officer’s name and activity to be information of public interest, published for historical research purposes(5).

However, the clearest example of the consequences of not embodying the spirit of Article 85 of the European General Data Protection Regulation has been seen in Romania, where the Romanian Data Protection Authority investigated RISE Project journalists for a report on a corruption scandal. They were accused of violating the data protection of the people (politicians, etc.) they mentioned in their investigation by publishing it. They were asked, among other things, the sources of the information they had published. Initially they were threatened with a fine of €600 for each day of delay in providing the information, plus a penalty of €20 million(6).

“Both the European Court of Justice and the European Court of Human Rights have pointed out in numerous judgements the importance of protecting debate on matters of public interest and that the protection of journalistic sources is one of the pillars of the freedom of information of the press. The UN Special Rapporteur on the protection of the right to freedom of opinion and expression has also underlined the need to protect journalistic sources.”(7,8)

With European and international regulation in mind, the Association for Technology and Internet (ApTI), in collaboration with Privacy International and with the support of Xnet among other European digital rights organisations(9), filed a complaint to the European Commission(10) considering that the European Regulation could not serve as a tool to limit the freedoms of expression and information and that in the case of Romania, the three exceptions provided for by the Law were too limited, with journalistic activities going beyond the provisions. They also questioned the investigative powers of the Data Protection Authority when freedom of information is at stake.

Following the case of Romania, the President of Bulgaria exercised his right of veto over the Bulgarian Data Protection Law because he considered that the provisions of the law relating to the conditions for its non-application when data protection collided with freedoms of expression and information would entail oversight of the work done by journalists, academics and artists, damaging their freedoms of expression and information as well as their independence(11). Even so, the Law was passed without any modification on this point with the vote in favour of more than half of all members of Parliament and entered into force last March 2019.

For all these reasons, it is necessary we remedy these shortcomings in the Spanish legal system as well.

 

RECOMMENDATIONS

As a result of the analysis carried out, in order to ensure and protect the right of individuals to inform and receive general-interest information in line with international human rights standards, XNet recommends: