World Data Protection Day

28 January commemorates World Data Protection Day. Also known outside Europe as Privacy Day. This date coincides with the anniversary of the ratification of the Global Convention 108 for the protection of data, which has outlined the criteria for regulating issues related to privacy in Europe and other regions during the last four decades.

Currently, digital society lives in a paradigm of constant change. For this reason, the Office of the Data Protection Delegate (ODPD) encourages to continue the task of raising awareness among professional teams about the importance of protecting our personal information.

Just like every year, and from the experience of daily activity, the ODPD ratifies its commitment to continue collaborating with the affiliated Health entities and with the rest of the Catalan Health System. As well as with all citizens. With this in mind, below is an abbreviated list of the most frequently asked questions and queries regarding data protection:


The AEPD has updated the Guide on the use of cookies to comply with the new European directives and has published the new Guide to using cookies for audience measurement tools. The main developments include the equal presentation of options to accept or reject cookies. The consideration of audience measurement cookies and statistics as techniques exempt from consent. The prohibition of “cookie walls” without alternatives. And the possibility of non-free alternatives in case of rejection.

International transfers 

Since the adequacy decision of 10 July 2023, it is considered that the USA guarantees an adequate level of protection substantially comparable to that of the EU, which implies the free circulation of data between both territories. In this way, data transfers can be made from the European Economic Area (EEA) to American entities that are members of the Data Privacy Framework List, without the need to establish additional data protection guarantees. US entities not included in this list must continue to subscribe to some of the guarantees contemplated in article 46 GDPR.

Biometric data in presence control and access in the workplace

Through the guide Presence control treatments using biometric systems, published by the AEPD on 23 November 2023, it is considered that both identification and biometric authentication are high-risk treatments involving special categories of data. In this regard, it is declared in the labour field that the use of biometric data for the registration of working hours and access control requires a rule with the rank of law that specifically allows it. The consent cannot lift the prohibition of the treatment or substantiate its legality since there is considered to be a clear imbalance between the interested party and the person responsible for the treatment.

  • The Office of the Data Protection Delegate encourages to continue the task of raising awareness among professional teams about the importance of protecting our personal information