Medical devices
According to Royal Legislative Decree No. 1/2015 on medicines and medical devices, national health authorities can carry out periodic inspections to verify compliance with its provisions. The infringement of this provisions could entail: (i) the adoption of precautionary measures; and (ii) sanctions.
Indeed, if national authorities consider that a medical device can affect the health and/or the security of patients, users or third parties, then precautionary measures can be adopted, including ordering their withdrawal from the market, seizure of the product, or imposing additional/special requirements.
As for the infringements regarding medical devices regulation, article 112 provides the list of infringements and classifies them as minor, serious and very serious. According to said provision the classification is made attending to the following criteria: (i) risk to the health; (ii) amount of any potential benefit to be obtained; (iii) severity of the health and social disorder caused; (iv) generalization of the infringement; (v) and recurrence. The sanctions which may be imposed depend on the particular infringement and may vary from €6,000 to €1,000,000 and even surpassing said quantity to a maximum of five times the value of the products and services which have been part of the infringement. However, the maximum of each sanction will only be imposed if the infringement act has caused direct damage to the public health or created a serious and direct risk to the public health.
In cases of serious or very serious infringements, the sanction will be published in the corresponding official journal, and in cases of very serious infringements, the corresponding authority could order the temporary closing of the corresponding installation for up to 5 years.
Data Protection
Despite of the enforcement mechanism provided by the GDPR (art. 83), the Spanish Data Protection Act contains its own enforcement mechanism (Title IX Spanish Data Protection Act). In particular, the Spanish Supervisory Authority could—ex officio or at the request of a party or a national authority—initiate a sanctioning proceeding in the case of a possible infringement of the data protection regulation in force. Main milestones of this proceeding are:
- Individuals and national authorities should file before the AEPD a complaint for this purpose.
- Once this is admitted, the AEPD can initiate ex officio preliminary diligences to better determine the facts and circumstances that justify the initiation of a proceeding.
- In light of the result of these preliminary diligences, the AEPD will initiate the sanctioning proceeding. In these proceedings, the facts of the case, the defendant and the appellant and the alleged infringement should be specified.
Within the context of this proceedings, the infringements can be classified as minor, serious and very serious. The sanction that may be imposed by the AEPD (if the infringement is finally confirmed) depends on each case and on the severity of the infringement. Aggravating and mitigating circumstances could apply.
Consumer law
According to art. 49 Royal Decree 1/2007 on users and consumers, the competent authorities could sanction the infringements of its provisions (without prejudice to the civil and criminal liabilities that may arise), which are specified in its art. 29.
All infringements specified by art. 29 of this law have the consideration of “serious” and can be subject to sanctions from €3,005.07 to €15,025.30.
However, these infringements can be very serious in case of recurrence or if the benefits obtained with the infringement are higher that €601,012.10. Very serious infringements can be subject to sanctions from € 15,025.31 to €601,012.10.
General Advertising
Infringement of the provisions of the General Advertising Law qualifies as an act of unfair competition and thus may lead to the exercise by a competitor or a consumer of legal actions in a court proceeding, seeking, among others, the cessation of the infringement and a compensation for damages.
E-commerce
Spanish e-Commerce Act establishes a mechanism of infringements and sanctions, by virtue of which a failure to comply with its obligations may result in a sanction of up to €600,000 (depending on the severity of the infringement). These sanctions could be made publicly available.
In the event of serious or very serious infringements and within the relevant sanctioning procedure, certain preliminary injunctions could be adopted, such as:
- temporary suspension of the service provider activity and, where appropriate, temporary closure of its establishments or
- sealing records, supports and computer files and documents in general, as well as computer equipment of all kinds.
In addition, an infringement (or potential infringement) of certain principles set out in the Spanish e-Commerce Act, may give rise to enforcement mechanisms through which the competent authorities may interrupt the provision of services.
AI Regulation
The 2021 proposal for a Regulation on Artificial Intelligence foresees that each Member State shall designate or establish a notifying authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring. Furthermore, Member States shall lay down the rules on penalties, including administrative fines, applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are properly and effectively implemented. Therefore, once this Regulation comes into force, Spanish regulatory body will implement an enforcement mechanism for compliance with the AI Regulation.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.