Spain: Why you should care about the Citizens’ Security Bill

By EDRi · July 30, 2014

On 11 July 2014, the Spanish Council of Ministers adopted the Bill on the Protection of Citizens’ Security. The draft law comes under the authority of the Ministry of Interior which, after “hearing” the opinions of several public authorities and civil society in response to a preliminary text, adopted the bill. The legislation is intended to repeal an existing law of 1992. The proposals are strikingly and disturbingly similar to rules that have been adopted in China and which were proposed, subsequently deemed unconstitutional, in Chile.

Before becoming law, the bill has to go through the two chambers of the Spanish Parliament and, if enacted, some of the provisions of the law would be further developed by implementing regulations (cf. Article 41 and the Third Final Provision of the Bill).

So far, the Government’s proposal has been strongly criticised. Restrictions to the freedoms of assembly and expression in protests received a lot of attention in the media, but some provisions of the bill have barely been discussed.

Measures which have been overlooked in the media include Article 25, which would oblige cybercafés and similar establishments to keep records of their clients’ IDs because these establishments “exercise activities which are relevant for citizens’ security”. Non-compliance with Article 25 would result in fines ranging from 100 to 30 000 Euro. In addition to the pecuniary sanctions, the bill foresees the suspension of licenses, authorisations or permits and even the closing down of facilities (cf. Articles 36 (22), 37(9) and 39). As expressed in the report issued by the General Council of the Spanish Judiciary (a constitutional body that exercises governing functions within the judiciary), this provision broadens the scope of its predecessor, Article 12 of Law 1/1992. Both Article 25 and other provisions described below are likely to restrict data protection, privacy rights, freedom of expression, the right to information or the presumption of innocence, if adopted in their current form.

Other provisions of the Spanish Citizens’ Security Bill raise similar concerns, such as Article 26, which foresees the possibility for certain establishments (including cybercafés) to adopt physical, electronic, IT, organisational or personal security measures (cf. Article 52 of Law 4/2014 on Private Security); Article 43, which creates a Central Register of Infringements against Citizens’ Security “to appreciate recidivism”, i.e. to keep records of repeat offenders; or Article 46, which would allow the authorities that are “competent to impose sanctions in accordance with the [bill]” to have access to the data of the alleged offenders , with the sole safeguard that this access must be linked to an ongoing investigation.

Article 36(26) merits special attention. It establishes that “the non-authorised use of pictures, personal or professional data” of security forces’ officers would be categorised as a serious offence. This Article would complement Article 559 of the Criminal code proposed by the Bill on the reform of the Criminal Code, which is currently going through the Congress. If adopted, Article 559 would also criminalise the “public distribution or dissemination, by any means, of messages or orders inciting the commission of any crimes for disturbance of public order (…) or supporting the decision of committing them”, punishable by up to one year of imprisonment. This provision would, in principle, mean that taking photographs or videos, for example, of misbehaviour of security service staff would incur the risk of prosecution.

Spain is not the first country that tries to implement this type of policies. It is worth remembering that China implemented a similar policy on cybercafés a few years ago. Chinese cybercafés must require their customers’ IDs in order to access their services. As evidenced by an investigation conducted by ‘Information Times’, it resulted in a “significant loss of business”. Chile is another example. The Chilean Parliament intended to impose registration of cybercafé users, but the proposal was declared unconstitutional by the Constitutional Court in 2011.

Bill on the Protection of Citizens’ Security Law (only in Spanish, 25.07.2014)

Spanish government tones down its controversial Citizen Safety Law (28.05.2014)

Report of the General Council of the Spanish Judiciary on the Preliminary Draft Organic Law on the Protection of Citizens’ Security (only in Spanish, 27.03.2014)

The Security Law shall impose ID identification to be able to use phone booths and cybercafés (only in Spanish, 07.04.2014)

Bill on the amendment of the Spanish Criminal Code (only in Spanish, 04.10.2013)

The Constitutional Court in Chile finds a provision on cybercafé users’ register unconstitutional (only in Spanish, 12.07.2011)

China’s Internet Cafes Respond to ID Check Rules (26.07.2010)

(Contribution by Maryant Fernandez Perez, EDRi intern)