5.1.8 Data protection laws
Personal data protection is currently regulated by the 15/1999 Act on Personal Data Protection, which has been partially amended by the 2/2011 Act on a Sustainable Economy. The Spanish Data Protection Agency was created in 1993 to guarantee citizens the right to know who may have access to their personal data and for what purpose and to provide a platform for exercising the rights of access, alteration, cancellation and opposition. A decision of 13 May 2014 by the European Union Court relates to the so-called "right to be forgotten".
The regional data protection agencies for Madrid, Catalonia and the Basque Country were created in 1997, 2002 and 2003 respectively, and institutional collaboration now takes place between the General Data Protection Register and the regional registers. Regulations concerning data protection have a clear impact on the way cultural services (libraries, museums, theatres, etc.) market themselves to potential users / audiences through the type of data requested for membership or information about activities, etc.
In the opposite sense, in 2013 the Act of transparency, access to public information and good government recognised and guaranteed access to public information. In 2014, the Transparency Website of the Spanish government was opened.