Legal grounds to process personal data under Spanish legislation after the ECJ Judgment of 24 November 2011 (the ASNEF and FECEMD case)

Spanish law on personal data protection regulates (among other issues) the legal bases that permit the processing of data in a way that is similar to that set out in Directive 95/46/EC. Consent constitutes the general rule although data may be processed without it if necessary for administration functions, within the framework of a contractual relationship, in order to safeguard the vital interests of the data subject or if they are included in sources accessible to the public. However, unlike the Directive, legitimate interest is not recognised as an independent reason for processing data, whereas a legal ground that is not set out in community law is included, i.e., sources accessible to the public. This paper analyses these two cases, taking as its starting point consent, along with the consequences that the ECJ Judgment of 24 November 2011 regarding the interpretation of Article 7 of Directive 95/46/EC may have and giving attention to the revision of this Directive itself.