SciTransfer
Organization

AGENCIA ESPANOLA DE PROTECCION DE DATOS

Spain's national data protection authority — regulatory expertise in GDPR enforcement, ICT ethics, and privacy compliance for EU research consortia.

Public authoritysecurityESNo active H2020 projectsThin data (2/5)
H2020 projects
2
As coordinator
0
Total EC funding
€33K
Unique partners
25
What they do

Their core work

The Agencia Española de Protección de Datos (AEPD) is Spain's national supervisory authority for data protection — the public body that enforces GDPR, investigates complaints, issues binding guidelines, and imposes fines on organizations that mishandle personal data. In EU research projects, they contribute regulatory authority and direct enforcement experience: they know how the law is actually applied, where companies fail compliance, and what regulators look for. Their H2020 participation is narrow and targeted — they joined consortia where their authoritative perspective on data protection law and ICT ethics was the specific asset needed, not to conduct technical research. For any project touching privacy-by-design, GDPR compliance tooling, or digital rights frameworks, AEPD brings something no university or tech company can replicate: the perspective of the regulator who will actually enforce the rules.

Core expertise

What they specialise in

GDPR enforcement and complianceprimary
2 projects

Both SMOOTH and PANELFIT directly address GDPR compliance and ethical-legal frameworks for ICT, reflecting AEPD's core statutory mandate.

Data protection regulatory policyprimary
2 projects

As Spain's national DPA, their role in PANELFIT — developing a new ethical and legal framework for ICT — directly draws on their policy and rulemaking authority.

Privacy compliance for SMEssecondary
1 project

SMOOTH targeted GDPR compliance tooling specifically for micro enterprises, an area where AEPD has enforcement visibility into where small businesses most commonly fail.

Digital ethics and participatory governancesecondary
1 project

PANELFIT used participatory approaches to shape ethical and legal norms for ICT, aligning with AEPD's advisory and standard-setting functions.

Evolution & trajectory

How they've shifted over time

Early focus
GDPR compliance and ICT ethics
Recent focus
GDPR compliance and ICT ethics

With only two projects, both launched in 2018, there is no meaningful timeline evolution to analyze — AEPD's H2020 engagement was brief, focused, and did not span multiple phases. Both projects address the same thematic core: data protection law and ethics in digital contexts, which is unsurprising given that 2018 was the year GDPR came into force, creating strong demand for regulatory expertise in research consortia. There is no evidence of a shift in focus because the dataset does not extend beyond that single entry point.

AEPD's H2020 activity was concentrated entirely in 2018 around GDPR enforcement topics; whether they have continued engaging in EU research beyond this period cannot be determined from this data, but their institutional mandate makes them a natural authority partner for any future project on AI regulation, data governance, or digital rights.

Collaboration profile

How they like to work

Role: specialist_contributorReach: European10 countries collaborated

AEPD participates exclusively as a partner, never as project coordinator — consistent with a public regulatory body that contributes expertise rather than managing research workflows. With 25 unique consortium partners across 10 countries from just 2 projects, they joined sizeable, multi-stakeholder consortia rather than small focused teams, suggesting they are sought out to add regulatory credibility and legitimacy to larger collaborative efforts. Working with them likely means well-defined advisory or validation tasks rather than hands-on technical delivery.

Despite only two projects, AEPD connected with 25 distinct partners across 10 countries — an unusually broad network footprint for such limited participation, reflecting the large consortium sizes typical of IA and CSA funding schemes. Their network skews toward the EU digital policy and ICT research community rather than any single geographic cluster.

Why partner with them

What sets them apart

AEPD is not a research organization — it is the Spanish state authority that actually enforces data protection law, which gives it a positioning no university research group or consultancy can replicate in projects dealing with privacy and digital rights. Consortium builders working on GDPR tools, AI ethics frameworks, or digital governance can use AEPD's participation to signal regulatory alignment and gain credibility with reviewers and end users. The trade-off is that their contribution is bounded by their institutional mandate: policy validation and regulatory perspective, not technical development or primary research.

Notable projects

Highlights from their portfolio

  • SMOOTH
    The largest-funded project for AEPD (EUR 29,216) and directly practical — building a GDPR compliance cloud platform for micro enterprises, where a national DPA's enforcement insight is a concrete differentiator.
  • PANELFIT
    A participatory, policy-shaping project developing a new ethical and legal framework for ICT — the kind of normative work where AEPD's regulatory authority carries real institutional weight.
Cross-sector capabilities
digital governance and AI regulationpublic sector innovation and e-governmentconsumer rights and digital markets
Analysis note: Only 2 projects, both from the same year (2018), with no keyword metadata and minimal funding — insufficient to analyze evolution or technical depth. The institutional identity of AEPD as Spain's DPA is well-established from public knowledge and is the primary basis for the expertise analysis; the project data alone would support a confidence of 1, but the organization's known statutory mandate raises this marginally to 2.