The following content relates to advice on updates in relation to commercial,corporate and data protection law via our firm network connection, Bird& Bird, for Spain.
20 April 2020
The Spanish government has announced that the state of alarm will be extended until 9 May and the extension is expected to lead to measures to reduce movement restrictions (e.g. allowing children under 12 to go outside).
14 April 2020
The Spanish government approved the extension of the state of alarm declaration until 26 April, 2020.
The AEPD has published some recommendations to protect personal data during movility and telecommuting situations, for data controllers and employees. It contains recommendations such as defining an information protection policy for mobility situations and periodically configure the devices used.
https://www.aepd.es/sites/default/files/2020-04/nota-tecnica-proteger-datos-teletrabajo.pdf (link to Spanish version).
2 April 2020
- The Spanish government approves the temporary restriction on the entry of non-resident or Spanish citizens within the Spanish territory during the following 30 days. The only people that can travel to Spain are the following: Spanish citizens that return to Spain, transporters of goods, flight personnel, diplomats or people who prove causes of force majeure.
- The Spanish government declares the "state of alarm", which implies the general order to close bars and restaurants, retail commerce, with some exceptions such as food stores or drug stores. Home delivery is allowed. The declaration of state of alarm has been extended until 11 April 2020.
- Board of directors meetings: during the time the state of alert is in force, and even if nothing is provided for in the company's bylaws, the board of directors meetings can be held via video conference or its resolutions can be passed in writing (without an actual meeting) when requested by 2 of its members.
- General shareholders' meetings: during the time the state of alert is in force, and even if nothing is provided for in the company's bylaws, the general shareholders' meetings can be held via video conference. Additionally, if the call for a general shareholders' meeting has been published before the date when the state of alert has been declared but the day scheduled for the meeting is later, the management body shall be able to modify the place and time or revoke the calling.
- Annual accounts: The three-month term for the directors to prepare and sign the statutory accounts shall be suspended until the date when the state of alert ends. From that date, the above-mentioned term shall be resumed for another three months starting from the date when the termination of the state of alert is decided. The terms for approval and filing are consequently delayed as well. If the annual accounts were already prepared and signed by the time of the declaration of the state of alert, the term to audit them (if applicable) is delayed to 2 months from the end of the state of alert.
- Separation right: Shareholders shall not be able to exercise their separation right (even though they were entitled to in accordance with the company’s by-laws or applicable laws) until the end of the state of alert.
- Winding-up: If before the date when the state of alert has been decided and during the time the state of alert is in force, the company falls under a winding-up cause (either provided for in the company’s by-laws or applicable laws), the legal term for the management body to call a shareholders meeting in order to pass a winding-up resolution or the relevant resolution to avoid the winding-up situation shall be suspended until the end of the state of alert. If the winding-up cause (either provided for in the company’s by-laws or applicable laws) occurs during the time the State of Alert is in force, the directors shall not be liable for the company’s debts incurred during the State of Alert period.
On the 12 March Spanish Data Protection Authority ("AEPD") issued a report declaring that the General Data Protection Legislation includes different lawful bases that enable the processing of health data with the purpose of fighting the epidemic. In its report, the AEPD analyses the different lawful bases that may be used by employers and public authorities for the processing of employees' and citizens' personal data.
The AEPD also declares in its report that "[...] the considerations related to the protection of data - within the limits provided by law - should not be used to hinder or limit the effectiveness of the measures adopted by the authorities, especially the sanitary authorities, in their fight against the epidemic, since the personal data protection legal instruments already contain a regulation for such cases that reconciles and weighs the interests and rights at stake for the common good."
https://www.aepd.es/es/documento/2020-0017-en.pdf (link to the English version).
On the 14 March the AEPD published a FAQ about data protection and coronavirus. The AEPD stated that the processing of health data by the employers can be justified under employer's obligation to ensure the health and safety of their employees but must be necessary and proportionate and, under some circumstances and in compliance with health authorities' requirements, to protect public health. Notwithstanding this, the AEPD emphasises that data protection principles and obligations remain applicable.
https://www.aepd.es/sites/default/files/2020-03/FAQ-COVID_19-en.pdf (link to the English version)
Unlike other supervisory authorities, the AEPD clarifies that the suspension of the administrative deadlines does not affect the obligation to notify security breaches timely. We understand this criteria is also applicable to other deadlines included in data protection legislation (e.g. managing data subjects' rights).
Click here to go back to the index page.