The Official Journal of Spain ("BOE") published the General Telecommunications Act 9/2014 (source document in Spanish) on May 10. The Act establishes, among other aspects, new requirements for the processing and sending of commercial communications. Regarding cookies, the Act also includes new requirements for obtaining the consent of the data subject in order to process personal data by means of storage and data recovery devices in terminal equipment. Finally, the Act expressly establishes the power of the DPA to examine the security measures adopted by the telecommunications operators and to issue recommendations (best practices) that it deems appropriate. Furthermore, the DPA may adopt instructions and guidelines regarding the circumstances in which the operators are requested to notify personal data breaches.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.