Data Protection

Garrigues

ELIGE TU PAÍS / ESCOLHA O SEU PAÍS / CHOOSE YOUR COUNTRY / WYBIERZ SWÓJ KRAJ / 选择您的国家

  • New guidance on vehicle data and the Data Act: challenges and opportunities

    The European Commission has published the first guidelines clarifying how the obligations of the Data Act apply to connected vehicles. The document provides guidance for manufacturers, providers and users on access to, and use and transmission of, the data generated by vehicles, paving the way to a new stage in automotive data governance and the structure of future business models based on digital mobility.

  • Comparison of the transposition of NIS II by Portugal with that planned in Spain

    In July 2025, the Portuguese government resumed the process of transposing Directive (EU) 2022/2555 (NIS2) by presenting Bill no 7/XVII/1 Below we compare this transposition with the Spanish bill, examining the areas of application that are subject and exempt in each case, as well as the planned penalty system.

  • Data Economy, Privacy and Cybersecurity Newsletter - November 2025

    In this newsletter, we offer the latest updates on everything related to the data economy, privacy, and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.

  • Is pseudonymized data personal data? Key points following the European Court of Justice's judgment in the EDPS v SRB case

    The judgment delivered by the European Court of Justice (CJEU) on September 4, 2025 in the EDPS v SRB case (case C 413/23 P) is an important landmark in the field of data protection, because it deals with the concept of “personal data” which is at the heart of the practice.

  • Traveler registration: Is it legal to ask for a photocopy of a guest’s ID card or passport at the check-in desk of a hotel?

    There is some uncertainty in the hotel industry over whether photocopies of ID cards or passports can or should be stored as proof of compliance with the obligations in Royal Decree 933/2021 on traveler registration. In this article we take a detailed look at what the legislation says and what guidance the AEPD has given on this subject.

  • Data protection evolving regulation in Latin America and their impact on labor relations

    The protection of personal data has become especially relevant in the workplace, driven by digital transformation, the growing use of personnel monitoring and management technologies, as well as the need to respect privacy in increasingly diverse work contexts. In recent months, countries such as Peru, Chile, and Mexico have been undergoing significant reforms that could require major changes in information management for employers. 

  • Proposal by the European Commission to amend the GDPR: a critical review and practical suggestions

    The European Commission has recently presented a proposal to amend the GDPR with a view to reducing the bureaucratic burden on small and medium-sized companies. The main measure that has been introduced is to expand the exceptions to the obligation to keep a Record of Processing Activities (RoPA). Although the intention behind the amendment is positive, the approach taken has been criticized because it fails to bear in mind the essence of compliance with the Regulation. We analyze what this implies (not necessarily an improvement for small and medium-sized companies) and propose various alternatives to facilitate compliance with the GDPR.

  • Data Economy, Privacy and Cybersecurity Newsletter - June 2025

    In this newsletter we offer the latest news on data protection, privacy and cybersecurity. We address the most recent resolutions of the competent authorities and agencies, key judgements and the most relevant current issues in this area. 

  • Data Economy, Privacy and Cybersecurity Newsletter - April 2025

    In this newsletter, we offer the latest updates on everything related to the data economy, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.

  • The European Commission continues unpacking the Artificial Intelligence Act: definition of artificial intelligence system and the general-purpose AI code of practice

    On February 6, the European Commission published guidelines to assist the various operators in the artificial intelligence environment to determine whether they are dealing with an artificial intelligence system within the meaning of Regulation (EU) 2024/1689 on artificial intelligence. Additionally, on March 11, it published the third draft of the general-purpose AI code of practice. In the following article, we unpack the key points of both documents.