The Council of Ministers has proposed Lorenzo Cotino, professor of Constitutional Law at the Universitat de València, as president of the Spanish Data Protection Agency (AEPD), highlighting his extensive academic and professional experience in areas such as data protection, transparency, and digital rights. This appointment must be ratified by the Congress of Deputies.
Lorenzo Cotino has a solid background as a jurist and educator. He holds a Ph.D. and a law degree from the Universitat de València, a master’s in Fundamental Rights from ESADE (Barcelona), and a degree in Political Science from the UNED. Since 2017, he has been a professor of Constitutional Law at the Universitat de València, an institution where he has also led numerous research projects focused on privacy, digital transformation, and artificial intelligence.
Among his achievements, he has published 13 books, coordinated 22 collective works, and authored more than 180 scientific articles and book chapters. His contributions to academia have earned him research awards from institutions such as the Ministry of Defense and the INAP (National Institute of Public Administration), as well as the Extraordinary Doctorate Award.
In his professional career, Cotino has combined teaching with significant involvement in public administration. He served as an alternate judge at the High Court of Justice of the Valencian Community for 19 years and has been a member of the Transparency Council of the Valencian Community since 2015. Additionally, he heads privacy and rights at OdiseIA, the Observatory of Ethical and Social Impact of Artificial Intelligence, and coordinates national networks of specialists in law and new technologies.
Challenges in Data Protection
Lorenzo Cotino has expressed his gratitude for the proposal, emphasizing the honor and responsibility of leading an independent and prestigious institution such as the Spanish Data Protection Agency: “It is an honor and an enormous responsibility to be chosen to lead such an independent and prestigious institution as the Spanish Data Protection Agency, especially given the high caliber of the candidates, all with outstanding careers. The open selection process, involving a committee of experts, adds special value to this recognition for the University of Valencia, as one of its most prominent academics in this field is being proposed, with 25 years exclusively dedicated to the university and to the protection of fundamental rights and privacy in digital environments. At the same time, I must acknowledge the significant challenge of leading an institution with about 250 top-level professionals and a budget of over 20 million euros.”
It is an honor and a great responsibility to lead the Spanish Data Protection Agency.
On the main challenges facing the AEPD, Cotino highlighted the increasing complexity of the digital environment: “The Spanish Agency is one of the most prestigious in the European Union, and the previous director, who served for 10 years, left a high standard both within the organization and in its social projection. The AEPD is facing exponential growth in complaints that require appropriate responses, which is not an easy task. Additionally, there are challenges arising from the massive use of personal data in increasingly complex technological environments. Artificial intelligence, often used to process personal data with techniques that significantly impact rights—such as emotion recognition, biometric data, facial recognition, and the access and reuse of health data for research and other public interest purposes—raises legal questions that require clear and coordinated responses at the European level. My goal will be to strengthen the Agency’s response capacity while fostering constant collaboration with our European partners.”
My goal will be to strengthen the Agency’s response capacity while fostering constant collaboration with our European partners.
Regarding the balance between privacy and technological innovation, Cotino stressed the importance of reconciling both aspects: “Although it may sometimes seem otherwise, privacy and innovation are not opposing concepts but complementary ones. Behind the data are people and fundamental rights that must undoubtedly be protected in all technological contexts. However, it is also important to emphasize the principle and right to technological progress, which enables and promotes innovation by public authorities, society, and the private sector without unnecessary barriers. The goal is to achieve a dynamic balance where data protection is not a barrier but a guarantee for sustainable and people-centered digital transformation. It is essential to increasingly focus on privacy and ethics by design and by default—essentially, ‘prevention is better than cure’—ensuring that any technological development considers privacy, fundamental rights, and legal compliance from the outset.”
Achieving a dynamic balance where data protection is not a barrier but a guarantee for sustainable and people-centered digital transformation is essential.