THE SPANISH DATA PROTECTION AGENCY REPORTS ON COMPLIANCE WITH THE DATA PROTECTION STANDARDS OF OUR WEBSITES

08 Nov THE SPANISH DATA PROTECTION AGENCY REPORTS ON COMPLIANCE WITH THE DATA PROTECTION STANDARDS OF OUR WEBSITES

Recently it has been published on the official website of the AEPD a study on a certain number (considered of sample), of private webs, which the agency has apparently chosen at random to serve as examples and to write in consequence a series of conclusions and Recommendations on the degree of compliance with the European General Data Protection Regulations (GDPR) that have been observed by their experts. The conclusions, without being devastating or alarming about the deficits of compliance, in certain cases do mention some practices observed in some websites that the AEPD considered wrong and not recommended. Among them would be the inaccuracies regarding the definition of the purposes of personal data processing, inaccuracies with regard to the mention of the legal basis for treatment, the lack of transparency of the texts, etc. It is striking that the AEPD makes enough stress that many websites do not give complete and necessary information to visitors and users and at the same time insists that there are many websites that include texts and paragraphs too detailed and extensive, which makes the readers discourage and abandon reading, a thing that would go against the provisions of the GDPR. My dear readers will judge whether there is some level of incongruence and incoherence in this double observation. Especially when it is in the hand of the AEPD to establish when there are and there are no breaches with a normative, which is in itself ragbag, detailed and somewhat demotivating in terms of its reading and understanding, and this when the agency also has at its disposal to sanction with the fines we all know about.