On May 9, a modification of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), was published on the occasion of the correction of GDPR errors, published in the "Official Journal of the European Union”. These changes entered into force on 05/10/23. MAIN NEWS Elimination of the warning from the catalogue of sanctions. The warning is no longer considered a sanction to be imposed on Data Controllers and Processors and is now considered an appropriate measure, independent of the disciplinary procedure but processed in a similar way. This provision is included within the corrective powers of the control authorities and is applicable to any type of subject: Public administrations Legal persons Physical persons The purpose of this change is the implementation of the warning procedure as a specific, more flexible and quick procedure, with a maximum duration of six months, which will allow speeding up the response to claims presented by citizens. - Extension of the term of the actions of the Data Protection Agency. In order to provide a better response due to the increase and complexity of the cases presented to the Agency, the current reform contemplates the following deadlines: Disciplinary procedure: goes from 9 to 12 months Previous investigation actions: go from 12 to 18 months These processing deadlines, as well as those for admission to processing regulated by article 65.5 and the duration of the preliminary investigation actions, will be automatically suspended when information, consultation, request for assistance or mandatory pronouncement of a body of the European Union must be collected or one or more control authorities of the Member States. - Implementation of new research methods through digital systems. The recent reform introduces a new article that allows research, not only in person, but also through actions through digital systems (videoconference or other similar systems). To carry out this investigation, the secure transmission and reception of the documents and information exchanged will be guaranteed and the use of these systems will occur when determined by the Agency, requiring the inspected party's agreement with the date and time of its development. - Application of obligatory models for the presentation of claims. The possibility is established for the Agency to implement said claim submission models in all areas in which it has competence, regardless of whether or not the interested parties are obliged to interact electronically with the Public Administrations. These models will be published in the BOE and in the electronic headquarters of the AEPD. They will be mandatory one month after their publication, with the aim of facilitating and simplifying the presentation of claims. Madrid, May 31st, 2023. Author: Laura Gobernado Guzman. Partner at MG Abogados, Madrid, Spain.
1.A European regulations. At present, there is no specific regulation in relation to cryptocurrencies, and it is not possible to regulate their issuance or extraction given their decentralised nature. However, the conversion service can be regulated, and this is precisely where the new regulations have an impact. Thus, the European Union approved Directive (EU) 2018/843 of the Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing and amending Directives 2009/138/EC and 2013/36/EU. The Directive has been amended to extend its subjective scope of application to include providers of services exchanging virtual currencies for flat currencies and also providers of electronic wallet services. The definition of "virtual currency" is provided as a "digital representation of value not issued or guaranteed by a central bank or public authority, not necessarily associated with a legally established currency, which does not have the legal status of currency or money, but which is accepted by natural or legal persons as a means of exchange and which can be transferred, stored or traded by electronic means". Accordingly, trading platforms and e-wallet services should carry out customer verification work in order to restrict, albeit partially, the attractive anonymity that cryptocurrencies allow and that has led to the financing of money laundering activities. This verification work takes the form of certain due diligence measures aimed at identifying the customer, assessing and obtaining information about the purpose and nature of the business relationship, and implementing monitoring measures. These measures must be taken prior to the establishment of the business relationship not only in respect of new customers but also, where appropriate, must be applied to existing customers. Directive (EU) 2018/843/EU of the European Parliament and of the Council ("Fifth Directive"), amending Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing (known as the "Fourth Directive"), should have been transposed into Spanish law by 10 January 2020. However, it was not until 27 April 2021 that Royal Decree-Law 7/2021 was approved to amend Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing ("Law 10/2010") for this purpose. The Royal Decree-Law has been chosen in order to avoid sanctions from the European Commission as a result of the delay in transposition. 1.B Spanish regulations. A. The transposition of the EU Directive. Royal Decree-Law 7/2021, amendment for this purpose of Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing ("Law 10/2010") (transposition of the EU Directive), which amends Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing ("Law 10/2010"), entered into force on 29 April 2021. Its main new features as far as this report is concerned are as follows: 1. New obliged entities Pursuant to the Fifth Directive, a number of new obliged entities have been added to the list of those required to comply with the prevention of money laundering and terrorist financing ("AML/CFT") regulations, including: Providers of services for the exchange of virtual currency for legal tender, the transfer of virtual currencies and the custody of electronic wallets. These obliged entities, which are considered financial institutions, must be entered in a register created for this purpose at the “Banco de España”, subject to (i) the existence of adequate prevention procedures and bodies in accordance with Law 10/2010; and (ii) compliance with commercial and professional integrity requirements under the terms of Article 30 of Royal Decree 84/2015, of 13 February, which implements Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions. If these requirements were no longer met, registration would be forfeited. The second transitional provision of the Royal Decree regulates the deadline for registration in the register of service providers for the exchange of virtual currency for fiat currency and the custody of electronic wallets, which will be operational within six months of the entry into force of the Royal Decree-Law (29 April 2021). Natural or legal persons providing any of the services described in Article 1(6) and (7) of Law 10/2010 of 28 April 2010 to residents in Spain must register with the “Banco de España” within nine months of the entry into force of the Royal Decree-Law. 2. Creation of a single register of beneficial owner One of the main new features of the reform of Law 10/2010 is the creation of a single register managed by the Ministry of Justice, which will centralise the information on beneficial ownership available in the Register of Companies, Register of Foundations, Register of Associations and other registers that may collect information on registered entities, as well as that of the General Council of Notaries. The Directorate General for Legal Security and Public Faith (formerly the Directorate General for Registers and Notaries) will be in charge of the Register. Its decisions will be subject to appeal before its hierarchical superior, i.e. the General Secretariat for Innovation and Quality of the Public Justice Service, whose decisions will put an end to administrative proceedings. This new register is expected to provide more reliable information and put an end to the current dispersion of information. - Entities that must be registered: Spanish legal entities and entities or structures without legal personality that have the seat of their effective management or their main activity in Spain, or that are administered or managed by individuals or legal entities resident or established in Spain. - Period for keeping the information: ten years after the extinction of the legal person or entity. - Who may access the register? Authorities with competence in the prevention and repression of the offences of financing of terrorism, money laundering and its predicate offences, including the Public Prosecutor's Office, the bodies of the judiciary, the Security Forces and Corps, the National Intelligence Centre, the Commission for the Prevention of Money Laundering and Monetary Offences and its support bodies, the supervisory bodies in the event of an agreement, the Asset Recovery and Management Office, the State Tax Administration Agency and the Protectorate of Foundations, as well as such other authorities as may be determined by regulation: shall have free and unrestricted access not only to the current data on the beneficial ownership of the person or entity, but also to the historical data recorded. Subjects obliged in compliance with their obligations regarding the identification of the beneficial owner: access shall be subject to payment of a fee and restricted to the current information contained in the Register, for which purpose they shall request proof of registration or an extract therefrom. In cases of above-average risk business or customer relationships, in order to consider the obligation to identify the beneficial owner fulfilled, obliged entities may not rely solely on the information contained in the register, but must carry out additional checks. Other third parties: they may have access against payment of a fee only to the name and surname, month and year of birth, country of residence and nationality of the current beneficial owners of a legal person or entity or structure without legal personality, as well as to the nature of such beneficial ownership, in particular, whether it is due to the control of the ownership or that of the management body of the legal person or entity. As an exception to the above, if the information relates to trusts, a legitimate interest in accessing the information must be demonstrated. - Can access to information held in the Register be refused? No, unless such access would expose the beneficial owner to a disproportionate risk of fraud, kidnapping, extortion, harassment, violence or intimidation or others of similar seriousness, or if the owner is a minor or a person with limited capacity or subject to special protection measures. The aforementioned exception cannot be invoked if the person seeking access to the information is a competent authority or an obliged subject for the fulfilment of its obligations to identify the beneficial owner. 3. Obligations to obtain, keep and update beneficial ownership information. On the one hand, trading companies, foundations, associations and any other legal entities subject to the obligation to declare their beneficial ownership, whether of Spanish nationality or subject to Spanish legislation, must obtain, keep and update the information on their beneficial owner under the following terms: ■ It shall be kept for a period of ten years as from the cessation of their status as beneficial owner under the terms established by regulation. ■ It shall be kept at the disposal of obliged entities when they establish business relations or carry out occasional transactions, in order to enable them to comply with their AML/CFT obligations. ■ It shall be kept up to date by (a) the sole director or joint and several directors; (b) the board of directors, as well as, in particular, the secretary of the board of directors, whether or not a director. On the other hand, the beneficial owner must provide several information to the bodies indicated in the previous paragraph, as soon as he becomes aware of his status as such (in this way, the obligation to provide information is transferred to the beneficial owner himself): Name and surname(s)/Date of birth/Type and number of identification document (in the case of Spanish nationals or residents in Spain, the document issued in Spain will always be included) / Country of issue of the identification 5 document, if the National Identity Document or Spanish resident card is not used/Country of residence/Criterion that qualifies that person as the beneficial owner/In the case of beneficial ownership by direct or indirect ownership of shares or voting rights, the percentage shareholding, including, in the case of indirect ownership, information on the legal persons involved and their shareholding in each of them. This section applies mutatis mutandis to trusts, the beneficial owners of which must also be identified. 4. Financial ownership file Electronic money institutions and payment institutions will also be obliged to contribute information to this file, together with credit institutions, which until this reform of Law 10/2010 were the only reporting institutions. Reporting entities will have to declare safe deposit boxes and payment accounts, in addition to the current and savings accounts and deposits that were already being declared. The list of bodies that may access the File, always for the investigation of offences related to money laundering or terrorist financing, or for the performance of their AML/CFT functions, as appropriate, is completed as follows: - Jurisdictional bodies with competence in the investigation of these offences. - Public Prosecutor's Office. - State Security Forces and Corps and Autonomous Regional Police with competence in this area. - Asset Recovery and Management Office. - Secretariat of the Commission for the Oversight of Terrorist Financing Activities. - National Intelligence Centre (CNI). 5. Non-face-to-face relations It is established that the identity of the customer must be accredited by means of a qualified electronic signature regulated in Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. In this case, it is not necessary to obtain a copy of the document, but it is necessary to keep the identification data that justify the validity of the procedure. B. Legal qualification of cryptocurrency in Spain. The definition of cryptocurrency varies from legislation to legislation, and even within the same state. In Spain, as in most regulations, the debate lies in whether these currencies should be considered as a security, a currency or rather a digital asset. Thus, the Tax Agency, in a consultation regarding the VAT liability of bitcoin exchange transactions, opted to include the cryptocurrency in the concept of "other commercial effects" of Art. 135.1. d) of Directive 2006/112/EC, stating: "if supplies of money for consideration are not taxable, the aim of this provision is to exempt all transactions involving the movement or transfer of money, either directly or by means of transfers or by means of various instruments such as cheques, promissory notes or other instruments involving a payment order". The handicap of this conception is that cryptocurrency does not, in itself, entail any rights because the user can only sell his coins if someone else is willing to buy them, but there is no obligation to do so. On the other hand, most central banks have refused to consider cryptocurrencies as currencies essentially because of their decentralisation, i.e. the fact that they are not backed and therefore controlled by any central bank. This is the view of the relevant Austrian, French and German bodies, among others. The latter position advocates considering them as digital or intangible movable assets. The first company with a share capital made up entirely of bitcoins, classified as non-cash contributions, has already been set up in Spain. The deed of incorporation was registered in the Mercantile Register without any problems. Therefore, it seems that until there is a specific regulation governing cryptocurrencies as legal tender -if there will be one-, they must be considered intangible movable assets. 1.C Local regulations. The opening of a physical store in a city/town in Spain will require compliance with local regulations. The subject will have to apply for the corresponding licences, which are determined by the correspondent Town Hall. Madrid, December 19th, 2022.
Since our foundation in 2001, we have massively expanded our global footprint and now have members in 25 countries worldwide.View our Locations
The Alliance of Business of Lawyers gathers bi-annualy in a different location.Know more about our conferences
London, The Bloomsbury, May 17, 2023The Alliance of Business Lawyers' 44th Conference will take place in London. Druces LLP and Warners Solicitors are looking forward to hosting our annual spring conference. ""W
Join us and get involved in challenging international work while retaining your firm's independence.Join Us
Alliance of Business Lawyers is a leading international network of business lawyers. Our members provide local expertise to globally operating businesses.More about Us
Sign up here to stay up to date with the latest legal news and events.