Home / People / José Luis Piñar
Portrait of José Luis Piñar

José Luis Piñar


CMS Albiñana & Suárez de Lezo
Paseo de Recoletos 7–9
28004 Madrid
Languages Spanish, English, Italian

José Luis Piñar is a Consultant of the TMC department at CMS Albiñana & Suárez de Lezo. He is an esteemed legal professional and one of Spain’s leading experts in data protection and IT law.

He is a former Director of the Spanish Data Protection Agency, Vice president of the European Group of Data Protection Authorities and Founder and inaugural President of the Latin-American Data Protection Network, among other positions.

At present, he is a Professor of administrative law at the Universities of Castilla-La Mancha and CEU San Pablo de Madrid and chairs the Public Law section at the General Codification Commission of the Kingdom of Spain. In addition, he is also an Honorary Member of the Spanish Privacy Association (APEP) and of the “Experts Group on Digital Rights of the Citizens”, not to mention his role as Vice chairman of the Law, IT and Knowledge section at the Royal Academy of Jurisprudence and Legislation.

He also acted as an international expert for the Advisory Council to Google on the Right to be Forgotten.

In 2018, he was presented with the ENATIC award for the Best Digital Legal Professional and this year scooped the ISMS Forum’s Cyber Security & Data Protection Award in recognition of his outstanding career.

more less


  • 1985 - Doctor of Law, Universidad Complutense de Madrid (Spain).
  • 1984 - Diploma in Constitutional Law and Political Science, Centro de Estudios Constitucionales, Madrid (Spain).
  • 1979 - Graduate of Law, Universidad Complutense de Madrid (Spain).
more less


Data pro­tec­tion: ad­opt­ing se­cur­ity meas­ures as an ob­lig­a­tion of means,...
José Lu­is PiñarThe 3rd Cham­ber of the Su­preme Court’s rul­ing of Feb­ru­ary 15, 2022 (ap­peal no. 7359/2020) has shed some light on data pro­tec­tion se­cur­ity meas­ures.In short, the Span­ish Data Pro­tec­tion...
In­ter­na­tion­al data flows after Schrems II: chal­lenges and solu­tions
CMS Spain in­vites you to join a we­bin­ar in Eng­lish and Span­ish, which will ana­lyse the latest de­vel­op­ments in in­ter­na­tion­al data trans­fers in the EU, in­clud­ing the Schrems II case and Brexit.  The Schrems...
Guide on in­ter­na­tion­al data trans­fers – Draw­ing on the Schrems II Case
On 16 Ju­ly 2020, al­most five years after the Safe Har­bour Agree­ment between the European Uni­on and United States was ruled in­val­id, the Court of Justice of the European Uni­on de­livered a judg­ment on...
Gen­er­al Data Pro­tec­tion Reg­u­la­tion: two years of ac­count­ab­il­ity
The date 25 May 2020 marks the second an­niversary since the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) be­came ap­plic­able, rep­res­ent­ing a shift from a com­pli­ance veri­fic­a­tion ap­proach to an ac­count­ab­il­ity-based...
CMS ad­vises Fer­rovi­al and Wondo on the launch of a lead­ing mo­bil­ity-as-a-ser­vice...
CMS has ad­vised Fer­rovi­al (through sub­si­di­ary Wondo) on the launch of its joint app with Moovit to cre­ate a lead­ing mo­bil­ity-as-a-ser­vice plat­form.  The team was formed by: Javi­er Torre de Silva, Car­los...