Spanish Agency for the supervision of Artificial Intelligence

The proposal for the European Regulation on Artificial Intelligence places a particular emphasis on Governance. Which is regulated in its title VI. In this title, a series of control bodies are established, one of which relates to the obligation to designate Artificial Intelligence Supervisory Authorities in each Member State.

For this reason, the following laws have been cited as the background for its creation:

In the one hundred and thirtieth additional provision of Law 22/2021, of 28 December, on General State Budgets. The creation of the  (AESIA) was established. The Agency is defined as having full organic and functional independence and that it must carry out measures to minimise significant risks to the safety and health of people. As well as to their fundamental rights, risks that may arise from the use of artificial intelligence systems.

Law 28/2022, of 21 December, to promote the ecosystem of emerging companies, known as the Startup Law. Also provides for the creation of the AESIA  in its seventh additional provision.

Lastly, Royal Decree 729/2023, of 22 August, on the Statute of the Spanish Agency for the Supervision of Artificial Intelligence provides for its effective implementation with the constitution of the governing council. Within a maximum period corresponding to the entry into force of this royal decree.

Lastly, on 7 December 2023, the Secretary of State for Digitalisation and Artificial Intelligence published the names of the members of the Governing Council. Thus establishing this ground-breaking Agency. The creation of this Agency means that Spain becomes the first European country to have an authority with these characteristics and it anticipates the entry into force of the European Regulation on AI.

This Agency, based in Galicia, will not be the only national authority. Since the proposal for the European Regulation on Artificial Intelligence states that Member States will have to designate competent national authorities and select a national supervisory authority among them.

Functions of AESIA

  • Oversee compliance with applicable regulations in the scope of Artificial Intelligence. Having the power to impose penalties for possible violations thereof.
  • Promote testing environments that enable AI Systems to be correctly adapted to reinforce user protection and avoid discriminatory biases. For this reason, Royal Decree 817/2013, establishing a controlled testing environment for assessing compliance with the proposal of the European Regulation on Artificial Intelligence was published on 8 November 2023.
  • Strengthen trust in technology, through the creation of a voluntary certification framework for private entities. Which makes it possible to offer guarantees on the responsible design of digital solutions and ensure technical standards.
  • Create knowledge, training and dissemination related to ethical and humanistic artificial intelligence to show both its potential and opportunities for socioeconomic development. Innovation and the transformation of the productive model, as well as the challenges, risks and uncertainties posed by its development and adoption.
  • Stimulate the market to boost innovative and transformative practical initiatives in the scope of AI.
  • Help to implement programs in the scope of Artificial Intelligence through agreements. Contracts or any other legally binding instrument to support the implementation of Artificial Intelligence programs.

Comparisions with the Spanish Data Protection (AEPD)

In general, these two authorities have similar functions. Although each in its own field. In France, its data protection authority, CNIL, will be the one to have the powers of the Supervisory Authority within its borders.

Even then, AESIA and AEPD cannot be compared since the presidency of the Governing Council is the responsibility of the Secretary of State for Digitalisation and Artificial Intelligence. Who will directly propose who will be the general director of AESIA, whereas the Statute of the AEPD appoints its positions by parliamentary agreement.



Trade secrets and data protection – Part 2

Last November we published the first part on trade secrets and data protection. In this post, we introduced the subject by explaining trade secrets and the law that protects them. Today we are going to finish exploring the topic and shed some more light on it. Let’s go!

What is a violation of secrets?

A violation of trade secrets is considered to be when a person or entity accesses a company’s confidential information without authorisation and uses it to obtain economic benefits or competitive advantages.

This can range from disclosing confidential information to third parties, using trade secrets to directly compete with the company, or even misappropriating confidential information to sell it to another company.

Steps to protect your trade secrets

When guaranteeing the protection of trade secrets, a series of steps should be followed, such as those indicated below:

1.Establish confidentiality agreements

Establishing confidentiality agreements with employees and third parties (suppliers) is key to maintaining internal order and, if necessary, taking legal measures to penalise misuse of the company’s confidential information.

2. Control access

Many companies take into account the physical security of data, but nowadays most of that data is found in the digital framework.  For this reason, companies must incorporate relevant protection measures in an increasingly digital world.

3. Define confidential information

When establishing a confidentiality agreement, it is necessary to regulate what is considered confidential information in a company. To do so, a thorough analysis must be carried out that identifies the secrets and associated risks.

4. Provide training

Training is also essential to avoid data breaches to the outside. Therefore, employees must be trained on how to handle the company’s data.

5. Make special protective equipment

It is important to delegate certain responsibilities to a security and data protection officer. This person will therefore be responsible for ensuring said protection.

6. Continue making progress

Many companies focus on data protection when it is already too late. It is important to start working on this immediately and continue to add projects and all types of actions to ensure the full protection of data. In terms of data protection, this is known as proactive responsibility.

7. Make protection the priority 

Cyber threats are currently a significant problem at the business level. That is why taking action tomorrow is not good enough; data protection on the Internet must be handled straight away. Failing to do so, companies will jeopardise their finances and their reputation.

This is key; protecting trade secrets in a company is not only a preventive measure, but also a measure of future success. If you have questions or wish to know more about any of this information, do not hesitate to contact us. At Bacaria we can advise you.

como afectan pantallas salud niños

The impact of screens on the health of minors

Now in the midst of the Christmas season, children enjoy their holidays at home and therefore have much more time to go online and spend hours in front of screens, whether they be mobile phones or computers. Misuse of the digital world, however, affects physical, mental, sexual and social health. It also has an impact on neurodevelopment and learning during childhood and adolescence.

Screens undoubtedly have an effect on children’s health and today we explain the 10 most common consequences of their excessive use on minors, as defined by the family digital plan created by the Spanish Data Protection Agency together with the Spanish Paediatric Association.

10 consequences of excessive screen use on children’s health

1. Impact on sleep quality

Since screens stimulate and disturb rest, children are at a greater risk of sleeping fewer hours and having a less restorative sleep.

2. Possibility of causing obesity

As a result of the sedentary lifestyle that may be caused by excessive screen use, children engage in less physical activity and generally tend to eat more caloric and less healthy foods.

3. Visual fatigue due to screens

Prolonged or regular exposure causes visual fatigue and, as a result, the onset or worsening of myopia and the presence of red, itchy and tearing eyes may occur.

4. Back pain

When we use screens, we all tend to make the mistake of adopting bad postures that can cause back, neck and joint pain.

5. Anxiety

Excessive screen use can also lead to anxiety and behavioural changes due to feeling the need to be connected and finding it difficult to accept limits established by adults.

6. Decreased attention

How many times have you unsuccessfully tried to talk to your children? Screens have a strong appeal that makes us evade everything without listening to what is happening around us.

7. Impulsive behaviour caused by screens 

 Since screens automatically resolve all issues, problems or questions that children ask them, it increases their risk of being more impulsive, thus decreasing their ability to wait. Everything has to happen right away.

8. Social isolation

The individualism characterised by excessive screen use can affect how a girl or boy relates to their environment, not only because of their excessive use, but also due to the risk of high social comparison.

9. Risk behaviours

If, in addition to using screens excessively, minors consume content that is not appropriate for their age, this can lead to early sexual behaviours that are also high risk.

10. Changes in learning

Excessive screen use can also affect their ability to learn as well as their neurodevelopment.

As you can see, there are many very important consequences, which is why screen use should be limited as much as possible. This does not mean that you should prohibit screens, but they should be controlled to protect children’s health and development.


One step closer to regulating artificial intelligence in Europe

A few days ago, the news broke about the provisional agreement on the European Artificial Intelligence Act. After negotiations took place between the Council and the European Parliament.

It is the Proposed European Regulation laying down harmonised rules on artificial intelligence, prepared by the European Commission on 21 April 2021.

After this proposal was presented, the Council agreed on its position regarding the Regulation on 6 December 2022. And on 9 December 2023, the Council and the Parliament were finally able to reach an agreement on it.



2. AIM of the artificial intelligence regulation

The new regulation represents a paradigm shift in the EU, but it will also impact the rest of the world, as was the case with the Data Protection Regulation, since it applies to:

  • Providers placing on the market or putting into service AI systems in the Union, irrespective of their location.
  • Users of AI systems located within the Union.
  • Providers and users of AI systems that are located in a third country, where the output information produced by the system is used in the Union.

This regulation has a number of main aims:

  • Create harmonised rules for the placing on the market, the putting into service and the use of Artificial Intelligence systems in the entire Union.
  • Prohibitions of certain AI practices.
  • Requirements for High Risk systems and obligations for operators of such systems.
  • Transparency requirements.
  • Rules on market monitoring and surveillance.

These aims focus on risk and ranges from complete prohibition to certain obligations.

It establishes practices that are completely prohibited in order to protect the rights and liberties of citizens, such as:

Following the approach on risk, the prohibited practices are followed by a classification of high-risk systems. For which conditions are set forth so that these systems are more viable from a technical perspective and are a smaller burden for the interested parties. The requirements are as follows:

Another notable aspect includes generative AI systems, which must comply with transparency criteria. These include clearly specifying when a text, song or photograph has been created using AI.


The text also establishes a series of penalties for non-compliance with the guidelines, which the Member State must apply. This means they must notify the established penalty regime. These may reach:

  • Administrative fines up to 30 M or 6% of the total worldwide annual turnover for the preceding financial year (non-compliance with the prohibition of prohibited practices).
  • Administrative fines up to 20 M or 4% of the total worldwide annual turnover for the preceding financial year, for non-compliance with any requirement set forth in the regulation.

4. Artificial intelligence and GDPR

Whenever Artificial Intelligence Systems handle personal data, they must comply with all the provisions of the personal Data Protection Regulation: duty of information, basis for legitimacy, principles, etc.

One of the problems that may arise is that today AI commonly uses large amounts of personal data, and in order to comply with the provisions of the GDPR, it uses anonymised data.

With regards to anonymised data, GDPR does not apply but taking into account the significant technological advances that take place every day, the anonymised data of today may be pseudonymised tomorrow, which must comply with the requirements of the data protection regulation.

Another requirement for AI systems that handle personal data is the obligation to carry out a Data Protection Impact Assessment since it meets requirements that mean it must be performed: as innovatively used technology, mass data handling, etc.


8 tips to protect your data as you do your Christmas shopping

During times like the Christmas season, cybercriminals double down on their attacks to steal our personal data. Tailoring their messages and gimmicks to activities related to shopping. Many Christmas purchases are made online, whether due to lack of time or because of the listed price, and this can pose certain risks to privacy and data protection.

Personal data can be used to scam us, access our bank account and carry out other fraudulent activities. Cybercriminals are able to do so by adapting their messages to each time of the year or to the current season, such as Christmas and holiday shopping, to capture our attention and steal our data. In today’s post we help you identify these scams and give you some advice to prevent these and other risks to your privacy. Lear to protect your data today.

Tips to protect your data when making your online Christmas purchases

  1. Do not open emails with links that ask for personal information

How many times have you received one of these emails pretending to your bank? Surely tons of them. Although we are all aware of these types of scams, you may sometimes get “stung” by them when you are not paying attention or when stressed. We are all very busy with our jobs, commitments with family and friends, and thousands of other concerns.

No matter what happens, always follow this tip: never answer this kind of email. No bank asks for personal information, bank details or passwords in an email, and even less so by sending a link that you have to click.

Beware of all types of emails that try to scare you or that contain links to unbeatable exclusive offers that redirect you to websites asking for personal data. Contact the company through its official channels before clicking the link. And, when in doubt, do not click the link: visit the company’s website yourself by entering the address in the browser.

  1. Pay attention to the cookie banner of the online services you access, and only accept the data processing you consider appropriate

  1. Be careful with SMS messages and other messages on WhatsApp, Telegram and other instant messaging services

Another widespread practice among cybercriminals that you have surely been a victim to on more than one occasion is receiving an SMS from a courier company saying that your shipment is on its way. And you’re not expecting anything, right?

In any case, whether you are waiting for an order or not, at Christmas time it is uncommon for one to neither expect a gift nor get something for themselves. Nevertheless, we still offer the same advice. Never respond to these types of messages, whether you are expecting something or not.

This type of technique is called smishing and it is often used together with great offers or courier shipments during sales or the Christmas shopping season. In addition to SMS, it also uses other instant messaging services such as WhatsApp, Telegram, etc.

  1. Buy from official and trusted online stores

Review both the privacy policy and the legal notice to find out who is responsible for processing your personal data.

  1. Avoid connecting to public Wi-Fi networks

Have you already used up all your data and cannot wait to get home to buy that Christmas gift? It can wait, it can definitely wait. Do not be tempted to connect to a public Wi-Fi network to make online purchases, it may be hacked and a cybercriminal will make purchases for you.

  1. Review the privacy and security settings of your devices regularly

  2. Consider making your online purchases with a card that you only use for that purpose

  3. Use different passwords for each Internet service. You can use a password manager to help you.





NFTs and intellectual property

The acronym NFT stands for “Non-Fungible Token” and refers to records in the blockchain that transform digital files into unique works of art. These records make it possible to verify the authenticity of said works, turning them into unique and verifiable pieces. Each of these works of art are unique thanks to the code given to them, which cannot be changed. This means that the work can never be copied or plagiarised since its code will always be different.

NFTs make it possible to issue certificates of authenticity and grant exclusive ownership of the author, thus ensuring that the work cannot be plagiarised or lost. So what do we really buy when we pay for an NFT? Do we acquire any rights to the work? What legal aspects about the relationship between NFTs and Copyright should we take into account? This is exactly what we are going to discuss today.

What do we buy when we pay for an NFT?

It is essential to understand that ownership of an NFT and owning the intellectual property rights to an asset or work of art (copyright in the case of digital art) are two different concepts. Intellectual property rights to an NFT belong to its creator, whereas the buyer only acquires the code/token in the NFT and not the asset/work of art itself. In general, one DOES NOT obtain intellectual property or commercial rights when purchasing NFTs.

When an NFT is acquired, we are paying for a unique work whereby the buyer is granted exclusive ownership to the same. Taking into account that it is a digital asset that cannot replaced as there is no other like it. What we really buy when paying for an NFT is nothing more than a cryptographic token or digital certificate of authenticity that, through blockchain technology, is associated with a single digital file.

The parties, however, may enter into an agreement whereby the copyright is transferred to another person or entity. Economic rights and moral rights are some of the copyrights that may be transferred.

Economic rights include the ability of the NFT’s author to prohibit or authorise the reproduction of their work, its interpretation or adaptation, among others. As for moral rights, the author’s right to claim authorship of the work and the right to oppose any modification that may harm their reputation as its creator is recognised.

Legal aspects about the relationship between NFTs and Copyright

Copyright protects and attributes authorship to a person who has created a work. It also provides certain rights as an author, including moral and economic rights. In this sense, the most important legal aspect to take into account is the copyright of the acquired work and knowing how to differentiate between the buyer’s rights and the original author’s rights.

Ultimately, NFT buyers, unless otherwise explicitly set forth in a contract, will only have the right to own, sell, loan or transfer the NFT itself. Unless they own the copyright, they do not have the right to make or sell copies of the digital art, transfer the copyright over the work, or create derivative works based on the original.

Are you a creator of NFTs and do you need advice on legal matters regarding the intellectual property of your creations? Contact us!


secretos_empresariales_proteccion de datos

Trade secrets and data protection – Part 1

A company’s data is one of its most valuable assets. And information is power. Today we are going to discuss trade secrets and the Law on Trade Secrets, shedding some light on the topic and addressing the protection of data they generate.

Defining trade secrets

Trade secrets are confidential information with economic value for a company and they can be used to gain competitive advantage in the market.

The definition given by the Law on Trade Secrets (LSE) is very broad, whereby a trade secret is considered to be any information or knowledge, including technological, scientific, industrial, commercial, organisational or financial knowledge. It can include designs, formulas, processes, business strategies, customer lists and much more.

To be protected as a trade secret, the knowledge or information must be secret, meaning that it is only known by a limited number of people and it cannot be deduced by industry experts through observation or reverse engineering.

Law that protects secrets

The Law on Trade Secrets aims to protect and guarantee the confidentiality of business information that has economic value and is kept secret by the company. This law states that trade secret is considered to be all information that:

1. Has business and economic value.
2. Is not in the public domain.
3. Has been established only for employees or owners of the company, having sufficient protection measures.

The LSE will only apply when it can be proven that the company has adopted specific measures to reinforce the security of the information or knowledge to be protected. In particular, the protection of companies must be based on the following pillars:

– Identification of information or knowledge considered to be sensitive.
– Adoption of security measures that guarantee security.
– Preventive legal measures such as the signing of confidentiality agreements.
– Reactive measures such as the implementation of action protocols when a violation of security measures is detected.

The Law on Trade Secrets states that the unauthorised disclosure, collection and use of information related to trade secrets will be considered a crime.

In the event of trade secret violation, the company affected may sue the offender and seek an injunction, as well as compensation for damages incurred. Ultimately, the purpose of this law is to protect companies against the violation of their confidential information and ensure the right to maintain trade secret confidentiality.

This is the end of the first part; in future posts we will discuss trade secret violations from a practical perspective.


Why use Artificial Intelligence chatbots

Artificial Intelligence is revolutionising the world to such an extent that many sectors are considering it as an option in the not-too-distant future when it comes to people in the workforce. In fact, talking with AI chatbots has become common in many companies and services for some time now.  

An AI chatbot is a robot capable of talking to customers, almost as if it were human. The online chatbot’s ability to provide quick responses, automate repetitive tasks, and personalise customer interactions has made it a very popular tool.

To give you an idea, according to an Accenture study, 43% of organisations report that their competitors are already implementing chatbots. The same study disclosed that 91% of companies that implemented AI chatbots expect to see a return on investment (ROI) of 1x to 5x in the first 12 months. Moreover, implementing chatbots as a customer service resource entails certain advantages.

Advantages of using Artificial Intelligence chatbots

  • They reduce the burden of repetitive tasks on agents and improve user satisfaction.
  • They offer 24/7 support.
  • Multitasking ability.
  • Increased productivity.
  • Personalised attention.
  • Improved internal communication based on data.

But how is an AI chatbot configured? First, it is important to identify key problems, establish the context, design a workflow, and personalise messages. Optimisation will come later, with interaction in real situations.

Creating AI chatbots

Do not worry if you are not very familiar with the technology. Many conversational solutions providers have ready-to-use AI chatbots. On the other hand, if you already have additional experience, you can completely adapt the online chatbot to your needs.

Whatever your case may be, it is important to follow a five-step flow:

  1. Identify the problems you want to solve: What questions do customers ask the most? At what time? Through which channel? You need this information to configure your AI chatbot.
  2. Establish the necessary context level: How much and what types of data does the AI chatbot need to answer these questions? Are they updated? What type of access or integration does the AI chatbot need to fully function?
  3. Design the conversational flow between chatbots and agents: If a customer has a more complicated request, how will the conversation be transferred to a human agent? What are the criteria for distributing demand among the team?
  4. Write personalised messages: When a customer uses your AI chatbot, how do you make them feel special? Will the AI chatbot greet the person by their name?
  5. Optimise the chatbot based on interactions: After a few weeks of using the online chatbot, what went well? What can be improved?

Always talk intelligently

If you thought a chatbot was great, imagine a chatbot integrated with artificial intelligence. As you have seen, it is very easy to have an artificial intelligence bot. It is also incredibly useful, since its help means you can be certain that your customers are being assisted as well as possible. These tools facilitate the company’s work and customers are much happier.

Improve the experience of customers and their relationship with your company with a spectacular assistant that is efficient and available 24/7.


4 recommendations to protect yourself against Internet scams

These days, who hasn’t been the victim of an attempted scam on the Internet? Whether it was winning a prize draw you didn’t take part in or becoming the millionth luckiest client on the planet. The problem is that Internet scams is becoming increasingly common, and we must be very careful before clicking if we don’t want to regret it later.

Today we will give you 4 basic recommendations to protect yourself against Internet scams. Don’t be deceived!

Learn to identify a fake website

Most fake websites pretend to be online shops in order to scam compulsive online shoppers. In this case, we recommend looking to see whether the website URL starts with https:// or if the prices are suspiciously low compared to the quality. There’s no such thing as a free lunch. Never forget it!

Look at the payment options

The level of protection of some payment options, such as MoneyGram, is very low. It is also almost impossible to get your money back after finalising a purchase. If they ask you to pay using a single payment method, it is probably an Internet scam.

Find out about the online shop before buying

If you can’t find information about it anywhere, don’t trust it! A real online shop would publish its name, logo, fiscal address, telephone number, location and email address. Also look for the secure site seal and the Terms and Conditions of sales, shipping, returns and cancellations among its web pages.

In addition to these basic 3 points, remember that scammers do not give up easily and will try to make you fall for their scam through methods such as phishing. To avoid these traps, follow the basic points below.

How to protect yourself against Internet phishing

Keep your antivirus up to date

Phishing can also take place through malware, so to prevent Internet scams it is important to have the latest version of your antivirus to block any type of threat and keep a registry of suspicious Internet files.

Avoid chain messages

Chain messages are a wonderful source of information for scammers. They gather the email addresses in order to use them for phishing. In any case, send emails with a hidden recipient or delete them if you don’t know the recipient.

Use a VPN when you connect to the Internet

If you connect to the Internet in public spaces, it is best to install a good VPN to create a secure connection through public networks and home networks. The VPN hides your online activity and protects against computer scammers by changing your IP address.

Do you follow these recommendations? If you didn’t know, now you have the information necessary to protect yourself from feared Internet scams. If you would like to know more about this topic and others related to digital rights, you will find other articles that may interest you in our blog. Have you read them?


Updates in the ‘right to be forgotten’ for cancer survivors

Royal Decree-Law 5/2023, of 28 June (RDL 5/2023) amended the Insurance Contract Law and the Consumer Protection Act to implement the ‘right to be forgotten’ for cancer survivors which entered into force on Friday, 30 May 2023.

These legal amendments will have a significant impact on all types of contracts entered into by entrepreneurs and professionals and consumers. In particular, they will affect life insurance contracts, as well as banking and financial contracts that take into account consumer health factors as a condition for providing. Or denying benefits in the event that information about a pre-existing cancer is withheld.

What is the ‘right to be forgotten’ for cancer survivors?

The ‘right to be forgotten’ for cancer survivors is the right held by a person who has suffered from cancer where said condition will not be taken into account in different situations. Such as when taking out life insurance or applying for a loan. This right therefore prevents these individuals from having to justify their medical history and it ensures that they are not discriminated against.

How does the ‘right to be forgotten’ for cancer survivors work?

Another key point is the approved royal decree-law establishes the ‘right to be forgotten’ for cancer survivors. When they take out insurance policies and sign up for banking products 5 years after the completion of treatment and without relapse.

  • Clauses, provisions, conditions or agreements that exclude one of the parties due to the fact that they had cancer are declared null.
  • Making distinctions when taking out insurance for a person because they had cancer is prohibited.
  • There is no longer an obligation to declare whether one has suffered from cancer in order to take out life insurance. And taking cancer history into account in this procedure is also prohibited.

Who can benefit from this measure?

Basically any person who has suffered from cancer can benefit from this new right once 5 years have passed since the completion of treatment and without subsequent relapse. The Government is authorised to modify this term based on the development of scientific evidence.

mal uso internet niños

4 liabilities of minors and their parents in Internet use

Today bullying, discrimination, intimidation, ridicule or the publication of sensitive content on the Internet use is all too common among children and adolescents.

These actions violate rights and go against the law, and parents may incur the costs of administrative offences and criminal behaviour of their underage sons and daughters.

It is indeed a problem that many parents face and that may result in different types of liabilities. Today we will discuss them.

Types of liabilities as a result of misusing the Internet

1. Administrative liability

Publishing sensitive information about a person (images, audio files, videos, information of a sexual or violent nature through which they can be identified). Without consent on the Internet is a violation of the data protection regulations that, without prejudice to filing a complaint through the Priority Channel of the Data Protection Agency to request the urgent removal of this content. May result in an economic sanction for the person who published it or contributed to its dissemination.

The parents or legal guardians of minors over the age of 14 who are given an economic sanction due to violating the data protection regulation shall be jointly and severally liable.

2. Civil responsibility

Material and moral damages caused to third parties by minors as a result of this behaviour gives rise to asset civil liability. For which parents and legal guardians are responsible.

3. Criminal liability

Minors over the age of 14 are also liable for offences listed in the Penal Code such as bullying, threats or disseminating or forwarding images that undermine a person’s intimacy, even if they were obtained with their permission, which is applicable in sexting or cyberbullying cases.

The measures in these cases depend on the circumstances, such as evolutionary development, background, etc., and normally community service or socio-educational tasks are ordered, and probation and imprisonment (placement in centres or weekend residency) may even be imposed.

* Organic Law regulating the criminal liability of minors

4. Disciplinary liability in education

These behaviours can lead to disciplinary liability when they take place in schools (bullying, intimidation, humiliation, serious offences, discrimination or violence towards other students or teachers on the Internet). Corrective measures ranging from a verbal or written warning to the student’s suspension from the school or exclusion can be imposed.

As you can see, many liabilities may arise as a result of misusing the Internet. If you find yourself in one of these situations, Bacaria Legal can help.


Video games and piracy

During the 80s and 90s, piracy wreaked havoc on the sales of video games in Spain and abroad. Unofficial figures put piracy at 90% during those years. During this time, it was a very common practice since you simply needed a microcomputer that could read cassette tapes and a double tape deck. Nothing like today.

It might be difficult to see from the outside looking in. But the video game industry is huge, and not only in terms of users, but also with respect to the large number of teams that work in this sector.

How to pirate a console

The console in question is essentially modified so that it reads both the original discs and any file with an extension that is ultimately a video game. Once this has been done, the user searches questionable web pages, the ethics of which are even more questionable, for so-called ROMs. These are pirated games that can then be played for free on the console.

Many platforms have suffered from piracy and emulation, with the Nintendo DS possibly being one of cases we are most familiar with. Luckily, due to a variety of factors and especially the fact that the Japanese company sold large numbers of consoles, it was anything but a failure. However, it was not the same story for other consoles, such as the well-known Dreamcast.

Besides, there were many factors that contributed to the failure of this console, and competition from PlayStation which targeted the same audience as this console by SEGA, as well as the price which was higher than its competitors that played a role, but it was without a doubt piracy that was detrimental.

Losses in the video game sector as a result of piracy

Although this practice has decreased in recent years, its effects are still being felt in the global economy. Piracy and falsification of products in the video game sector is a bad practice, but it is nonetheless on the agenda. The most frequent downloads from the portal are video games, which is equivalent to a 20% profit loss for both video platform companies (such as Sony and Nintendo) and computer games.

Despite the fact that these actions have decreased in recent years, their effects are still being felt in economies around the world. Just in Spain 600 million euros were lost each year due to piracy, which includes cultural content such as books or films.


privacidad y seguridad en vacaciones

3 tips on privacy and security while away on holidays

August, the month of holidays par excellence. Sunshine, beach, trips, unplugging from technology, long days, and also the best time of the year for criminals to be up to their old tricks. Although we all know this happens, summer holidays might make us let our guard down. If you don’t mind taking a bit of our advice, don’t let this happen and remember some of the following mistakes that we tend to make.

1. Be careful on social media to keep yout privacy and security

We all love to show how much fun we are having on holiday. The spectacular landscapes we are visiting, dreamy beaches and over-the-top meals in dazzling restaurants. But before becoming immersed in that world, we should stop to think that maybe it’s better to refrain from publicly leaving clues about where we are, what we are doing, how or with whom.

If you don’t want any unpleasant surprises when you get home from a wonderful holiday, save your photos and post them when you have returned. Don’t make the mistake of shouting from the rooftop that you are not home and that thieves are welcome.

2. Attention to privacy and security

According to data from the Centre for Sociological Research (CIS), one in four people (24.5%) have regretted posting something on social media.

Before pressing the share button on your social media accounts, you should always think about who can view your photos. If your profile can be accessed by search engines, keep in mind that anyone can see the photos, videos or comments you post. The Agency offers a series of explanatory video tutorials created together with INCIBE to explain how to access the privacy and security settings of some of the most popular Internet services to ensure that your profile is not displayed when, for example, your name is entered in a search engine.

Once search engines can no longer access your profile, you should also consider the fact that the people who have access to your information in turn choose who has access to their profile: friends, friends of friends or everyone. If you share a photo with your followers or friends on social media and one of them likes it, a friend of a friend, someone who you don’t necessarily know, may end up seeing that image. And there may be situations that you might not want to share with strangers.

3. Do not trust open Wi-Fi networks and shared computers

Data consumption when on holiday is much higher than usual. And that’s with many hours spent away from home. Either on the beach, taking a walk, on a terrace with friends, and let’s not even get into going away on holiday. By spending less time at home, we use more data and are tempted to connect to open Wi-Fi networks.

But what’s the problem? Well, sometimes these networks can be used by cybercriminals to steal your personal data and passwords. If you do use them, do not enter your passwords. Do not exchange sensitive information, do not connect to your banking service, and do not shop online.

Moreover when we are travelling, situations may arise in which we must carry out a procedure and connect from a public computer in a hotel or call shop. In these cases, we recommend using the browser’s private browsing option. Not saving your passwords on the shared device and, after using it, closing all sessions you have opened (email, websites, chats, etc.).

4. Anticipate the theft or loss of your devices

When you travel or take part in summer activities such as going to the pool or beach or visiting tourist sites. The risks of losing or having your mobile or tablet stolen increase. Consequently this can be a disaster for your privacy, since we essentially have all of our personal information on these types of devices.

Then, we suggest that you make a backup copy of the information you store and do not forget to add a password or pattern system to lock the devices.

But first and foremost, enjoy your holiday and unplug from your phone. Being on holiday doesn’t always happen and while you are engrossed with the screen you are missing the magic of the little things. Take your eyes off your phone and delight in your well-deserved holiday!



marca registrada

4 tips for securely registering your trademark

A trademark is one of the most valuable intangible assets of a company since it is what makes it stand out from its competition and it is the tool which allows it to promote and position itself on the market. This is why we at Bacaria Legal always recommend registering it given it is an investment for all types of companies.

A trademark grants an exclusive right of use that protects you against third parties trying to copy or replicate it. A registered trademark transmits a company’s values, but it also helps identify its services and/or products and conveys trust to the users and consumers.

While there are many benefits to trademarks, if you do not know how to register them there are also risks. Today we will explain 4 tips you should take into account to securely register your trademark. 

4 tips when registering your trademark

Viability study

Before deciding to register a trademark, you should assess whether it meets the legal requirements and identify previously registered or applications for identical or similar trademarks. This is because similarities between trademarks can give rise to problems and hurdles when registering them. It is worth devoting resources to this viability study otherwise you risk the creative and strategic effort all being for nothing.

Trademark law is regional

Although there are international agreements, as is the case with the Community Trademark, we recommend filing a different registration for each country you operate in. This means you will have a registration in each country. Depending on the commercial interest of your company, it will be essential to separately assess the regions and focus on protecting that identifies you in each territory.

First come, first registered

With regards to registering, time is of the essence. This means that a specific distinctive name or logo will be granted to the first registration application that is filed.

Actively monitor the registered trademark

This is a service that we have recently rolled out at Bacaria Legal, the aim of which is to keep our clients informed of all the new identical and similar trademark applications, among other aspects. As such, monitoring helps with making business decisions and its resulting value for the business.




New General Telecommunications Law

How many times a week do you receive calls from operators offering you a TV in exchange for contracting a service? Too many, right? Daily and annoying situations like these will soon be regulated thanks to the New General Telecommunications Law. That, in addition to encouraging investment by operators, mainly focuses on improving user protection.

Today we will tell you about the main amendments proposed by this new Bill which will affect both operators and users. Let’s go!

Main amendments


A more suitable framework is created to make investments to deploy new generation networks. Thus making it possible to offer innovative services that are more technologically suited to the needs of the people.

It establishes that when the Telecommunications Market Commission imposes obligations and conditions for access to the networks. It must take into account the investment risk of the operators.

A more effective and efficient use of the radio spectrum is promoted through generalisation of the principles of technological neutrality (use of any technology) and service neutrality (provision of any service).

With regards to designating an operator to provide the universal service, a bidding mechanism is established where, until now, this mechanism was only used if several parties showed an interest after a consultation process.

Furthermore, operators that make their network available to other entities in order to produce radio broadcasts must verify, prior to the start of said broadcasts, that these entities have the corresponding licence for the radio public domain. This represents an important measure to prevent illegal radio and television broadcasts.


The amendments introduced reinforce the rights of users and their protection. Thus, it is established that end users shall have the right to receive more information about the characteristics and conditions of service provision and about the quality with which said services are provided (prices, offer limitations, etc.).

Personal data is also protected more effectively. For example, data protection regulations apply to data obtained from commercial product labels by means of identification devices that use the radio spectrum (RFID). Moreover, it sets forth that additional information must be given to the user about the computer files or programs (“cookies”) that are stored on computers and other devices used to access the Internet with the purpose of facilitating web browsing.

The new regulation states that changing an operator while maintaining the number (portability) must be carried out within one business day. Likewise, it improves access to services for people with disabilities or with special social needs, stipulating that it must be in conditions equivalent to the conditions that apply to all other users.

In summary

What changes with the new General Telecommunications Law?

Companies may not call users for commercial purposes without prior consent.

What happens if a telephone operator calls me outside the established time frame?

Basically n the framework of the Consumer and User Protection Act, failure to comply with this regulation shall lead to the opening of disciplinary proceedings. It also opens up the possibility of filing a claim with the Spanish Data Protection Agency which, depending on the seriousness, recidivism, affected users, etc., could impose a penalty”.

This main rule regulates the sector of electronic communications networks and services in a uniform and comprehensive manner. Audiovisual communication services and Information Society services are excluded from this regulation.



New trademark monitoring service

A trademark is the biggest asset of your activity or business. Identifying oneself and standing out in the market through trademarks is one of the keys to business success. Sound advice to protect your assets and creations clears the path towards a successful future. Protection is a key element in being able to put up a defence in the future.

Our new trademark monitoring service allows our clients to monitor the status of their trademarks. We send alerts if the trademark is about to expire or there is a trademark that is very similar to your own or that can compete on the market for which registration is sought.

The aim of this new service is to monitor the trademark to prevent third parties from profiting financially from your trademark and thus protect it.

How does the new trademark service work?

Our specialised trademark monitoring software performs the following functions:

  • Monitoring and tracking the trademark.
  • Collision attempt alert (notification when registration is sought for any third-party trademark that is similar to ours and may thus entail a likelihood of confusion).
  • Trademark renewal and maintenance alert in order to prevent it from expiring.
  • Obtaining the trademark registration certificate.

Are you interested? Call us at 933 011 286 or write to!


New Whistleblower Channel Law

Have you heard about the new Whistleblower Channel Law but aren’t really sure what it entails? Here’s a brief summary of its objectives, who it protects and who must comply with it.

Starting 13 June of this year, this new regulation requires entities with 250 employees or more to have a whistleblower channel. Moreover, starting 1 December, this will also be mandatory for companies with between 50 and 250 employees, as well as municipalities with less than 10,000 inhabitants. Yes, that’s right, there’s only one week to go. So if you are not aware of what’s going on, read this article that may be of interest to you.


Objectives of the new whistleblower channel law

To guarantee the proper protection of those who decide to step forward and report illegal or infringing actions within organisations, whether they be private companies or public organisations. And to ensure that they will not be subject to any type of retaliation such as: dismissals, not being promoted or being demoted, among others.

It also includes a number of specific support measures for whistleblowers, such as: comprehensive and free advice, financial backing and psychological support.

This objective seeks to promote internal reporting through whistleblowing channels, helping to prevent the commission of crimes or offences within organisations and promote an ethical culture.

But what can be reported? Any action or omission that may constitute an infringement of EU Law (those included in the annex to the Whistleblowing Directive, those that affect the financial interests of the EU and those that affect the internal market), in addition to actions or omissions that may constitute a serious or very serious criminal or administrative offence.

Who does the whistleblower channel law protect?

The whistleblower channel law protects any whistleblower who works in the private or public sector and who has obtained information about offences in a work or professional context.

These whistleblowers may be civil servants, employees, freelancers, shareholders or executives, volunteers, trainees, or employees who are in training periods or going through a selection process.

The law can also be applied retroactively. In other words, it will also protect those who report offences within the framework of an employment or statutory relationship that has already ended.


Which entities are required to have a whistleblower channel?

Companies with 50 employees or more.

Enterprises of any size that operate in: the financial market, environmental protection or transport security.

Companies with a turnover equal to or greater than 10 million euros.

Public administrations and entities (both of the State and Autonomous Regions and the local administration) and constitutional bodies. Public universities and public law corporations.

Political parties, unions, employers and foundations.


Ultimately, the whistleblowing channel law transforms this tool into a fundamental element for combating and preventing offences and crimes in organisations.

If you have a company, do not wait for the deadline for implementing the whistleblower channel to pass and avoid sanctions. At Bacaria Legal we can advise you. Call us now!




Legal obligations if you are a YouTuber

Are you a YouTuber? Does your life revolve around the creation of audiovisual content that generates you advertising income? Whether you are in the top ten or not, there are certain legal obligations that you must comply with. Today we are going to tell you the most important ones that you should keep in mind. Let’s start!

The 5 most important legal obligations for a YouTuber

Youtuber Identification

Comply with the requirements of Law 34/2022 on Information Society Services. What exactly do these requirements entail? It’s very simple, you have to identify yourself by providing data that enables direct communication. Your name, company name, domicile, email address or tax ID code (CIF), in the event you work through a company, are the essential data that must be submitted. It is very important that you provide this data publicly on the same platform or on an external website.

Promotion and advertising

Respect the rules on Advertising, complying with the General Law on Advertising and the General Law on Audiovisual Communication.

Although platforms such as Google and YouTube automatically insert advertising into the videos you publish, you as a broadcaster can transmit campaigns recommending certain brands with which you collaborate. In this case, you are required to warn users that it is paid advertising.

Moreover, in this situation you must comply with some basic rules of advertising regulations. Advertising cannot be misleading, based on the criteria of truthfulness. It also may not be illegal or subliminal, and cannot infringe on the rights of minors or people with cognitive disabilities, or any user in general.

You should also bear in mind that broadcasting content that promotes hatred, contempt or discrimination on grounds of birth, race, sex, religion, nationality, belief or any other personal or social circumstance is prohibited.

Youtuber Intellectual Property

If you use third-party content without the permission of its respective authors, be mindful of the consequences. You can use lengthy excerpts or even entire works of others, but always with the consent of its author, except in the case of parodies.

Privacy policy

If you use the data of subscribers to your channel, you must comply with the Organic Law on Protection of Personal Data and Google’s internal regulations on the use of personal data.

Furthermore, if you send out emails, interact on social media or carry out other direct communication actions with users, you must comply with the legal requirements concerning identification, cookies management, privacy policy, compliance with personal data protection regulations, among others.

Administrative and tax obligations

Like any company or self-employed individual who carries out an activity, you must comply with the administrative and tax requirements. You must be registered with Social Security, as well as with the Tax Agency with the Economic Activities Tax (IAE) corresponding to your activity, and you must make the relevant quarterly and annual settlements in terms of VAT and personal income tax.

Do you fulfil all these obligations? If so, you can rest easy. However, if you think that you are failing to comply with one of them due to a lack of awareness or being poorly advised, Bacaria Legal can help. Contact us.


WeTransfer Logo

Privacy risks of using WeTransfer

Who hasn’t used WeTransfer before? Using this platform to send large files such as photos, designs or projects is very common both in our work routines and in our personal lives.

Moreover, WeTransfer offers many options when it comes to exchanging files of all kinds. We must, however, be aware of the security and privacy risks of the files we send, since there are no sufficient guarantees. In addition to the fact that it has previously suffered security breaches.

Have you ever thought about this? Probably not, since most users assume that platforms of this magnitude leave nothing to chance. But think about it, it’s a business model. Therefore, our privacy is especially affected in the event that we use the free version. Let’s see how it works and the main privacy risks we expose ourselves to when using it.


Why our privacy may be affected when using WeTransfer:

  • There is no guarantee that only the person with whom we share the link can access the files:

In the free version, accessing third-party files is not difficult. We could easily access third-party files by following some simple instructions that can be found on the Internet.

  • A security breach occurred where 232,000 deliveries were affected:

In 2019, WeTransfer suffered a cyber attack that put 232,000 deliveries at risk. In other words, there was no guarantee that the content of those deliveries could not be accessed by third parties.

  • In the free version, files are not encrypted:

 This implies that if we include documents or images that contain personal data or confidential information, they will not be secure. Anyone who has access to the link can open it.

  • Files are stored unencrypted in the WeTransfer cloud.


Privacy risks:

  • We put people’s privacy at risk. We fail to comply with data protection regulations:

If we upload documents or files with personal data, confidential data, third-party images, voice files, etc., we will be breaking the law since the WeTransfer platform does not offer sufficient guarantees to protect this information.

  • The files that we upload may be affected by a security breach for which we will be partially responsible:

Knowing that WeTransfer (especially in its free version) does not offer security guarantees such as encryption, a security breach may occur and the files that we have uploaded may be affected.

Now that you have this information, perhaps your view on the use of this platform has changed a bit. Or maybe not. Be that as it may, keep it in mind and if you have any questions, ask us! At Bacaria Legal we specialise in digital law. Contact us.


Privacy risks: ChatGPT

ChatGPT is the most important Artificial Intelligence development in recent years. Last month we discussed its impact on data protection. Today we will delve deeper into the risks it poses to privacy. Let’s go!

Working under the assumption that chatbots rely on our personal data and the more data they collect, the more accurate they are at both detecting patterns and anticipating and generating responses, the risk to privacy increases substantially.

Besides if bearing in mind that the information used to train artificial intelligence products like ChatGPT is taken from the Internet. And personal data that is often acquired without user consent, this is a case that breaches privacy regulations.


Measures that ChatGPT must adopt to comply with privacy regulations

  1. Inform on data processing. What data is used and its purpose.
  2. Inform on how data subjects can oppose the use of their data for training algorithms and implement mechanisms to do so.
  3. Conduct information campaigns in the media.
  4. Set up mechanisms to prevent users under the age of 13 from accessing the service.

Provisions of the privacy regulation that are not met

Firstly, the duty of information is breached since complete and transparent information is generally not provided to users and interested parties regarding the processing their data undergoes in these systems.

Additionally, they do not comply with the principles that regulate personal data processing, including the principle of accuracy. Given that a large amount of data introduced into the systems is inaccurate, the result is large-scale misinformation. In this vein, one of the most serious concerns regarding the use of systems like ChatGPT is the tendency to embellish the information and increase the bias in the answers given to the user.

Another of the notable violations is the lack of legitimate basis for the mass processing of personal data in order to train the algorithms that govern chatbot operation.

It is also important to highlight that the principle of confidentiality is contravened and that there is a lack of security measures. This greatly increases the risk of breaches and cyberattacks.

Therefore, we can conclude that although AI holds to potential to transform sectors, solve problems, simplify answers or be a great source of information, it also poses great ethical and social risks.

It is important to note that chatbot systems can reproduce, reinforce and amplify patterns of discrimination and/or inequality. As a result, the irresponsible data handling by these systems leads to unreliable results, which can harm the well-being of citizens and security in legal proceedings.

Will a robust regulatory framework be created worldwide that regulates artificial intelligence systems like ChatGPT? Here at Bacaria we will closely monitor the situation and keep you up to date.



Protocol to support measures that promote mental health on the Internet

Last February, the Spanish Data Protection Agency (AEPD) designed a General Action Protocol to support measures that promote mental health on the Internet.

This protocol aims to contribute to increasing the effectiveness of measures offering assistance to affected people in the event that their data has been obtained illegally through the Internet. It especially focuses on cases of digital violence against women, minors and other vulnerable groups.

What is the protocol of measures to promote mental health on the Internet

The protocol states that the AEPD and the General Psychology Council of Spain (COP) will cooperate in carrying out outreach activities focused on promoting AEPD’s materials, tools and resources to achieve the purpose of this protocol.

Moreover, at the request of the AEPD, the COP will collaborate in activities related to the aims of this protocol. In which its participation can offer a special added value. This is the case of the Priority Channel or the tools on gender equality and the fight against gender violence.

The ‘Priority Channel’ makes it possible to request the immediate removal of sexual or violent content published on the Internet without the consent of those who appear. It is a tool that offers a quick response in exceptionally sensitive situations. This includes situations involving the dissemination of sexual or violent content.

Additionally, a route is established in which the complaints received are analysed as a matter of priority. Allowing the Agency, as an independent authority, to adopt any urgent measures that may be necessary to prevent this content from continuing to be published. The AEPD will support training and awareness in matters of privacy and the protection of personal data of members of the Official Psychological Associations through its Council.  Furthermore, it will institutionally support the COP.

Both institutions will jointly work together to organise forums, workshops, conferences, seminars and informative breakfasts. As well as any other dissemination and awareness action such as press releases. Blogs or publications on social media regarding matters covered by this Protocol. In addition to carrying out related studies and publications of interest.

It is a protocol that we at Bacaria Legal believe is essential to be able to respond to this type of situation that is generated in the digital environment.


ChatGPT and its impact on data protection

ChatGPT is an OPEN AI product that is considered to be the most important Artificial Intelligence development in recent years. It is a trained language model (Generative Pre-trained Transformer) that provides coherent and natural responses to questions and text commands. It is mainly characterised by its ability to offer coherent answers to complex questions and its rapid learning and improvement in performance.

Its primary tasks include the following: translating languages, writing songs, writing blog posts, creating cooking recipes, answering research questions, generating code, and it has even passed university exams.

How does it work?

When given text input, it uses its GPT model to analyse the meaning and context of the input and generate a coherent response. Moreover, ChatGPT uses its prior knowledge and ability to continuously learn to improve its performance and provide more accurate and relevant answers to user questions.

How do I use it?

First, you must visit the Open AI website and register. Once the registration process is complete, you can get started with your free trial. But please keep in mind that you will need a paid subscription to access all of the product’s features.

At Bacaria, we recommend that you review its policies at before using it.


How does ChatGPT affect Data Protection?

Is important to note that ChatGPT itself does not collect personal data. However, if the user enters it in the chat, the product processes it and generates responses based on the user’s information. It can also access the IP address, as well as the browser type and settings, mainly for security purposes.

Also it is advisable not to enter personal, confidential or sensitive data, since the team responsible for developing and maintaining ChatGPT may review conversations to improve the systems and for quality purposes.

Furthermore, OPEN AI ensures that computer security measures are used, such as data encryption, limited access to servers and the regular deletion of user data to avoid any risk of exposure and vulnerabilities.

What should I bear in mind in terms of data protection if I want to implement a ChatGPT chatbot at my company?

Said company, as the data controller of the data processed through the ChatGPT chatbot, must take into account the following implications:

  1. Identify the processing of personal data that will be carried out with ChatGPT in its Record of processing activities.
  2. Use one of the lawful bases set forth in Article 6 of the GDPR.
  3. Fulfil the duty to clearly and simply inform the interested party/user of the chatbot about the processing of their data.
  4. In the event that the ChatGPT chatbot is provided by a service provider, a data processing agreement must be signed. Alternatively, if it is implemented directly by the company, a processing agreement must be signed with OPEN AI, and to do so, you must contact them via the email provided on their website, stating that you need to sign said data processing agreement.
  5. Perform a Data Protection Impact Assessment to analyse the features of the ChatGPT chatbot, how personal data is collected and used, the impact on rights and freedoms, and which measures will be taken to protect personal data and mitigate privacy risks.

In summary, it is evident that the use of this type of technology can entail a risk to privacy, which is why the provisions of the Data Protection Regulation and other complementary regulations must be taken into account. At Bacaria, we have a team specialised in Artificial Intelligence and privacy and we will be happy to assist you.