Spain: Data Protection Agency published guide on protecting privacy while using AI tools

On 27 January 2026, the Spanish Data Protection Agency (AEPD) released a guide on protecting privacy while using AI tools. The guide provides ten recommendations, including advising users not to upload personal data and, in particular, to avoid sensitive data such as health, financial, contractual, geolocation and travel or accommodation data. Further, the guide advises users to review AI service terms and select safer versions, noting data flows including cookies, IP addresses, tracking and usage data, metadata, device data, contacts and location. Users should respect the privacy of third parties, especially minors, and not use images of other people to generate content, while avoiding inputting confidential professional information. Users are advised to seek specialised professional, emotional or psychological support from professionals rather than AI, should they require advice with personal situations.