The analysis relates to the conclusion of contracts online or by phone.

A review of the practice of remote contracts: On 29 October 2020, the Spanish Data Protection Agency (AEPD) completed its investigation into how the telecommunication and energy sectors comply with data protection rules in concluding remote contracts. Through this review, the AEPD aimed to obtain insight and did not sanction any company as a result of it.

Room for improvement in some aspects: With regard to the telecommunications sector, the AEPD found operators are generally working to implement the GDPR in their processes, although some shortcomings still emerged. For example, some companies only include the contact details of one Data Protection Officer for the whole group, and operators generally do not inform users of the retention periods of personal data.

The AEPD makes a list of recommendations: The authority recommends more transparency in disclosing how consent for the treatment of personal data has been obtained, and on aspects such as profiling and purposes of data processing. Telecoms operators should also improve the way in which they delete the data of customers, or potential customers, after a certain period of time.