Both SMOOTH and PANELFIT directly address GDPR compliance and ethical-legal frameworks for ICT, reflecting AEPD's core statutory mandate.
AGENCIA ESPANOLA DE PROTECCION DE DATOS
Spain's national data protection authority — regulatory expertise in GDPR enforcement, ICT ethics, and privacy compliance for EU research consortia.
Their core work
The Agencia Española de Protección de Datos (AEPD) is Spain's national supervisory authority for data protection — the public body that enforces GDPR, investigates complaints, issues binding guidelines, and imposes fines on organizations that mishandle personal data. In EU research projects, they contribute regulatory authority and direct enforcement experience: they know how the law is actually applied, where companies fail compliance, and what regulators look for. Their H2020 participation is narrow and targeted — they joined consortia where their authoritative perspective on data protection law and ICT ethics was the specific asset needed, not to conduct technical research. For any project touching privacy-by-design, GDPR compliance tooling, or digital rights frameworks, AEPD brings something no university or tech company can replicate: the perspective of the regulator who will actually enforce the rules.
What they specialise in
As Spain's national DPA, their role in PANELFIT — developing a new ethical and legal framework for ICT — directly draws on their policy and rulemaking authority.
SMOOTH targeted GDPR compliance tooling specifically for micro enterprises, an area where AEPD has enforcement visibility into where small businesses most commonly fail.
PANELFIT used participatory approaches to shape ethical and legal norms for ICT, aligning with AEPD's advisory and standard-setting functions.
How they've shifted over time
With only two projects, both launched in 2018, there is no meaningful timeline evolution to analyze — AEPD's H2020 engagement was brief, focused, and did not span multiple phases. Both projects address the same thematic core: data protection law and ethics in digital contexts, which is unsurprising given that 2018 was the year GDPR came into force, creating strong demand for regulatory expertise in research consortia. There is no evidence of a shift in focus because the dataset does not extend beyond that single entry point.
AEPD's H2020 activity was concentrated entirely in 2018 around GDPR enforcement topics; whether they have continued engaging in EU research beyond this period cannot be determined from this data, but their institutional mandate makes them a natural authority partner for any future project on AI regulation, data governance, or digital rights.
How they like to work
AEPD participates exclusively as a partner, never as project coordinator — consistent with a public regulatory body that contributes expertise rather than managing research workflows. With 25 unique consortium partners across 10 countries from just 2 projects, they joined sizeable, multi-stakeholder consortia rather than small focused teams, suggesting they are sought out to add regulatory credibility and legitimacy to larger collaborative efforts. Working with them likely means well-defined advisory or validation tasks rather than hands-on technical delivery.
Despite only two projects, AEPD connected with 25 distinct partners across 10 countries — an unusually broad network footprint for such limited participation, reflecting the large consortium sizes typical of IA and CSA funding schemes. Their network skews toward the EU digital policy and ICT research community rather than any single geographic cluster.
What sets them apart
AEPD is not a research organization — it is the Spanish state authority that actually enforces data protection law, which gives it a positioning no university research group or consultancy can replicate in projects dealing with privacy and digital rights. Consortium builders working on GDPR tools, AI ethics frameworks, or digital governance can use AEPD's participation to signal regulatory alignment and gain credibility with reviewers and end users. The trade-off is that their contribution is bounded by their institutional mandate: policy validation and regulatory perspective, not technical development or primary research.
Highlights from their portfolio
- SMOOTHThe largest-funded project for AEPD (EUR 29,216) and directly practical — building a GDPR compliance cloud platform for micro enterprises, where a national DPA's enforcement insight is a concrete differentiator.
- PANELFITA participatory, policy-shaping project developing a new ethical and legal framework for ICT — the kind of normative work where AEPD's regulatory authority carries real institutional weight.