APDCAT publishes more than a hundred frequently asked questions to resolve recurring questions about data protection . Catalan Data Protection Authority

Infografia de les noves FAQS en Protecció de Dades

The Catalan Data Protection Authority (APDCAT) has developed more than a hundred new frequently asked questions (FAQS) on data protection, with the aim of clarifying the most recurring doubts for both the general public and to those responsible and in charge of processing personal data.

In this sense, it has renewed the corresponding web section, incorporating new questions and answers with a more intuitive structure, organized from five thematic areas. Two of these are new: the one that includes questions addressed to those responsible and in charge of the treatment, and the one addressed to the citizenry. Three more have been updated or expanded. Specifically, questions on the scope of action of the APDCAT, on the entry into force of the European regulation and the organic law, and the glossary.

During the presentation, the director of the APDCAT, M. Àngels Barbarà, stressed that the extension and updating of frequently asked questions responds to one of the objectives of the APDCAT Strategic Plan 2020-2022, which is to help people to be proactive in defending their rights. In this sense, he defended that "this requires informing and raising awareness about the importance of protecting, in a preventive and active way, their right to data protection, especially in the current situation of sudden digitization and no alternative". In this line, he added that “we need to face such important changes as teleworking and virtual meetings, or even the way we relate in society, which have been integrated in an ordinary way in our day to day".

Barbarà warned that "this new situation increases the risk of losing control over our information", adding that "it is essential as an Authority to reinforce the idea that only informed and aware people can remain safe in the new digital world”. The director also referred to "groups that are already considered vulnerable on their own, as is the case of minors and patients", and recalled that "in the FAQS they have specific sections, as topics such as health or education deserve special attention". Barbarà pointed out that "we are getting used to a constant 'monitoring' of our lives", and added that "integrating this constant monitoring of our online actions as normal or inevitable cannot be the basis for innovation and development in a society that protects the rights and freedoms of people”.

On the other hand, the data protection delegate and head of strategic projects, Joana Marí, added that the FAQS want to “help people find an answer more quickly, and resolve specific doubts about how those responsible for processing their data can process it and what options they have if they consider that their rights are being violated”. He said that "this is a new, more agile system for finding information, with a distribution by subject, with new questions, and a differentiation between doubts addressed to those responsible for treatment, and doubts from those affected".

FAQS in health and education

Among the novelties, the APDCAT has updated more than seventy FAQS to resolve data protection doubts in situations of daily life related to the field of health and education. For its preparation, the Data Protection Guide for Patients and Users of Health Services, as well as the Data Protection Guidelines for Schools, have been taken into account.

Among the most consulted, it has been included whether the authorities can use our personal data in a pandemic without the consent, convenience or not of health apps, whether the medical center can provide health data of the patient or a relative by phone, who can access a medical history, etc.

In the field of education, some of the questions resolved have to do with the suitability of using fingerprint systems for student time control, if the consent of both parents is required to process the personal data of minors, if the school can provide birth details or contacts of other parents to the rest, and so on.

More structured information

The new configuration of the frequently asked questions section will make it easier to search for information taking into account five different thematic areas, so that the search is more intuitive and allows a more agile and optimal navigation. Thus, the original thematic areas of the web section have been halved, to simplify the distribution of information.

Specifically, the section on frequently asked questions on the scope of the authority, the entry into force of the RGPD and the LOPDGDD, and the glossary have been maintained. Therefore, the new entries correspond to the questions for those responsible and in charge, and the questions for the people affected.

In the first case, the information has also been distributed in nine areas: legal bases of the processing, specification of the controller, consent, other legal bases, special categories of data, exercise of rights, registration of processing activity, delegate data protection, international transfers, data protection impact assessments, risk management, and notifications of data security breaches.

As for the questions addressed to the people affected, they have been structured around five areas: doubts about consent, rights of the people affected, complaints, education, health.