Spanish data protection law allowing political parties to process citizens' personal data without consent
22.11.2018
Question for written answer E-005898-18
to the Commission
Rule 130
Sophia in 't Veld (ALDE)
On 21 November 2018, the Spanish Parliament passed a data protection law adapting Spanish legislation to the GDPR[1]. The law contains a provision allowing political parties to use citizens’ personal data that has been obtained from web pages and other publicly accessible sources when conducting political activities during election campaigns. Moreover, it authorises political parties to send citizens messages via social media and ‘equivalent media’ without prior consent[2]. Citizens can opt out if they do not wish their data to be processed. However, even if citizens do object to receiving political messages, they could still be profiled on the basis of their political opinions, philosophical beliefs or other special categories of personal data that fall under the GDPR.
— Does the Commission agree that this provision can lead to dangerous situations where personal information is collected without prior consent and used for electoral purposes — if not, why not?
— Does it consider that this provision complies with the GDPR, in particular Recital 56 and Articles 5, 6, 9, 21 and 22 thereof, and with the ePrivacy Directive — if so, why ?
— If it does not consider that the provision complies with the GDPR, will it start an infringement procedure immediately, so as to prevent any improper use of personal data for electoral purposes in the run-up to the European elections?
- [1] Proyecto de Ley Orgánica de Protección de Datos Personales y garantía de los derechos digitales — http://www.senado.es/web/actividadparlamentaria/iniciativas/detalleiniciativa/index.html?legis=12&id1=621&id2=000012
- [2] Article 58 bis. ‘Utilización de medios tecnológicos y datos personales en las actividades electorales’.