The protection of personal data is a legal concept with deep historical roots. Its most evident origin can be traced back to the United States, specifically to an essay published as an article in the Harvard Law Review titled "The Right to Privacy" by Warren and Brandeis in 1890. This work established what is now considered the most widely accepted definition of "privacy."
In our country, the protection of individuals concerning the processing of personal data is a fundamental right recognized in Article 18.4 of the Spanish Constitution. This article mandates that the legislator limit the use of information technology to safeguard the fundamental rights of citizens. This protection is also grounded in Article 8.1 of the Charter of Fundamental Rights of the European Union and Article 16.1 of the Treaty on the Functioning of the European Union.
It was not until Constitutional Court Ruling 292/2000 that the right to data protection was declared a true fundamental right, autonomous and clearly distinct from the other rights guaranteed under the same Article 18 of the Spanish Constitution. This ruling establishes that this right: "aims to guarantee the individual a degree of control over their personal data, its use, and its purpose, with the intention of preventing its unlawful and harmful trafficking, which could undermine the dignity and rights of the affected individual."
In addition, we have an independent authority that safeguards this right: the Spanish Data Protection Agency (Agencia Española de Protección de Datos), which operates as an independent entity with full functional autonomy. The AEPD (Spanish Data Protection Agency) was established in 1992 and began operations in 1994. It is an independent administrative authority at the national level, with its own legal personality and full public and private capacity, operating with complete independence from public authorities in the exercise of its functions. It serves as the "supervisory authority" that the General Data Protection Regulation (GDPR) requires Member States to establish to oversee its application. Its purpose is to protect the fundamental rights and freedoms of individuals concerning data processing and to facilitate the free flow of personal data within the Union.
Subsequently, following the creation of the AEPD, the Organic Law 15/1999 of December 13, on the Protection of Personal Data (LOPD), was approved on December 13, 1999. The LOPD is currently repealed. Its main objectives at the time were: to regulate the processing of personal data and the files containing them, regardless of the medium on which they were processed; to regulate in detail the rights of individuals and the obligations of those who create files and process data, both as data controllers and data processors.
The regulatory framework established by this law was completed with the approval of Royal Decree 1720/2007, of December 21, which approved the Regulation for the implementation of Organic Law 15/1999, of December 13, on the protection of personal data (RLOPD).
In the period between the approval and enforcement of the aforementioned regulatory frameworks, the Constitutional Court shaped the content of the right to data protection as we know it through its jurisprudence, establishing it as a constitutional right. Specifically, the content of the following rulings should be highlighted:
- Ruling 254/1993, dated July 20, 1993 (RTC 1993, 254), by the Constitutional Court. Appeal for Protection No. 1827/1990.
- Ruling 94/1998, dated May 4, 1998, by the Constitutional Court.
- Ruling 292/2000, dated November 30, 2000 (RTC 2000, 292), by the Constitutional Court, concerning the unconstitutionality appeal 1463-2000, filed by the Ombudsman regarding Articles 21.1 and 24.1 and 2 of Organic Law 15/1999, dated December 13.
Finally, a cohesive European legal framework for data protection was established, culminating in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. This regulation concerns the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC. Hereinafter, the RGPD.
As a result, the LOPD was almost entirely repealed with the entry into force, on December 6, 2018, of Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD), which adapts Spanish legislation to the GDPR.
Thus, the protection of personal data is a right that has evolved within our legal framework and is increasingly present in various aspects of our daily lives, both in personal and professional contexts.
Therefore, if you have a website or an online store, it is essential to stay up-to-date with the regulations you must comply with to provide sufficient guarantees regarding data protection. This is a fundamental right for everyone who visits or uses your website.
Therefore, our team is always attentive to new legal resolutions and regulations that come into effect. With Ibamu, you can obtain a personalized and automated legal solution for your website, ensuring you have the best technological and legal tools to always comply with the regulations.
