Go to content

AEPD Report 2023

AEPD REPORT: INFORMATION TO THE COMMISSION ON THE EXCEPTIONS OR LIMITATIONS TO THE RIGHTS OF INFORMATION AND ACCESS, RECTIFICATION AND DELETION PROVIDED FOR IN CHAPTER IV OF THE REGULATION IMI


Article 20 of Regulation (EU) 1024/2012 on administrative cooperation through the Internal Market Information System (IMI Regulation) provides that Member States shall inform the Commission in the event that they establish exceptions or limitations to the rights provided for in this Chapter (Chapter IV: Rights of Information, Access, Rectification and Suppression) in their national legislation in accordance with Article 13 of the Directive 95/46/EC.


Article 13 of Directive 95/46/EC provides as follows:

  1. Member States may take legal measures to limit the scope of obligations and rights (including those mentioned above) where such limitation constitutes a measure necessary to safeguard:
    (a) State security;
    (b) The defence;
    (c) Public security;
    (d) The prevention, investigation, detection and punishment of criminal offences or offences of ethics in regulated professions;
    (e) An important economic and financial interest of a Member State or of the European Union, including monetary, budgetary and fiscal matters
    (f) a control, inspection or regulatory function relating, even if only occasionally, to the exercise of public authority in the cases referred to in points (c), (d) and (e);
    (g) Protection of the person concerned or of the rights and freedoms of other persons.
  2. Without prejudice to appropriate legal guarantees, which exclude, in particular, that the data may be used in connection with measures or decisions relating to specific persons, Member States may, in cases where there is clearly no risk of an attack on the privacy of the data subject, limit by means of a legal provision the rights referred to in Article 12 (access, rectification and deletion or blocking) when the data are to be processed exclusively for scientific research purposes or are kept in the form of personal files for a period not exceeding the time necessary for the sole purpose of producing statistics.

EXCEPTIONS WITHIN THE FRAMEWORK OF SPECIFIC DATA PROTECTION LEGISLATION
The Organic Law 15/1999, of December 13, Personal Data Protection (LOPD) partially transposed the exceptions of Article 13 of Directive 95/46/EC in its Articles 23 and 24 (exceptions to the rights of access, rectification, cancellation and information).

Article 24 establishes that, when it affects the National Defense, public security or the prosecution of criminal offenses, it will not be applicable to the interested parties to whom personal data are requested the right to be previously informed expressly, precisely and unequivocally of:


a) The existence of a file or processing of personal data, the purpose of the collection of these and the recipients of the information.
b) The obligatory or optional nature of their response to the questions posed to them.
c) The consequences of obtaining the data or the refusal to provide them.
d) The possibility of exercising the rights of access, rectification, cancellation and opposition.
e) The identity and address of the person responsible for the treatment or, where appropriate, his representative.

Article 23.1 of the LOPD exempts, depending on the dangers that may arise for the defense of the State or public security, the protection of the rights and freedoms of third parties or the needs of the investigations that are being carried out, the rights of access, rectification and cancellation by those responsible for files containing data:

- That are necessary for the prevention of a real danger to public security or for the suppression of criminal offences (State Security Forces and Bodies)

- Data on ideology, trade union affiliation, religion, belief, racial origin, health and sexual life when the collection and treatment is carried out by the State Security Forces and Bodies exclusively for the purposes of a specific investigation

Article 23 paragraph 2 provides for the possibility of denying the exercise of the aforementioned rights by those responsible for the files of the Public Treasury when it hinders the administrative actions aimed at ensuring compliance with tax obligations and, in any case, when the affected person is being subject to inspection activities.

The exceptions provided for in articles 23 and 24 relate to publicly owned files.

There may also be limitations in other sectoral regulations, including those provided for in Law 10/2010, of 28 April, on the prevention of money laundering and the financing of terrorism, which transposes Community regulations on this matter.