What advances have been made in the discussion of data protection law?
by Digital Rights LAC on September 19, 2013
One of the most long- awaited legal reforms in Chile concerns the law which regulates the protection of private life, owing to the inefficient way in which the current law operates. After more than one polarised debate, the new bill continues its passage through parliament and here we report some important new updates.
By Daniel Álvarez *
In Chile, the handling of personal data has been regulated since the year 1999. This year, law number 19,628 was passed which, notwithstanding its title of “for the protection of private life” is, in fact, about the legal regulation of the market in handling personal data.
Although the law recognises a series of rights to individual data subjects, these rights must be exercised through the civil law courts, in lengthy and expensive proceedings, constituting an insurmountable barrier for the ordinary citizen. In fact, to date, after the laws have been in force for more than 14 years, no sentences for unlawful handling of personal data have been handed out by this route.
Faced with this lack of protection, some of the citizens affected have had to resort to other legal means, such as taking protective action by putting into effect constitutional guarantees, with uncertain and inconsistent results, which does not provide people with an adequate level of protection of their rights either.
This poor regulatory state of affairs has caused Chileans’ personal information to circulate freely and legally through a multiplicity of companies dedicated to the handling of personal data and to be frequently exchanged among companies that offer commercial, financial, health and telecommunications services among others, seriously affecting the right to a private life guaranteed by the Constitution. Also, in the last few years, there have been reports of trafficking in databases leaked from public services to commercial enterprises, and these practices have not been sanctioned in any way either.
It has also meant that our country is not eligible to offer certain kinds of services that require intensive handling of personal data, since it cannot rely on adequate standards of protection of personal data, as required by European legislation.
During the last decade, concern for the protection of personal data in particular, and protection of people’s private lives in general, has considerably increased. In fact, over 60 legislative initiatives (both motions and messages) have been presented to the National Congress seeking to raise the standards of protection. Only three of these have been approved and, regrettably, these have only been minor reforms.
During the government of Sebastian Piñera a new bill was introduced which is about to be presented by the Economic Commission of the Chamber of Deputies (No. 8143). Despite its multiple deficiencies and errors, it has made it possible to open up the legislative debate
and to incorporate higher standards of personal data protection through amendments put forward by the deputy Patricio Vallespín
In particular, the following have been approved:
i) Legal recognition of biometric information as sensitive data;
ii) The establishment of a new type of penal offence, unheard of before in our country, that sanctions the improper trafficking of personal data when a significant number of people are affected, making applicable the provisions of the law No. 20,393 on the penal responsibility of legal entities;
iii) The requirement of expressed consent in the case of international transfers of personal data;
iv) The establishment of the obligation to pay costs for whoever is responsible for data handling who has broken the law;
Moreover, the most criticised aspects of the bill, which gave powers to the National Consumer Service, ‘ a toothless tiger’ in matters of data protection, and rules that proposed a private mechanism for preventing infringement of the law by means of certification authorities , were both rejected.
However, the debate that should be at the top of the agenda is the establishment of a supervisory authority with regard to data protection, which means we can count on an independent public agency to protect, promote and enforce the law in this matter, following the examples of Spain, Mexico and England. Now is the time. The rights of individuals can’t be kept waiting any longer.
* Daniel Álvarez es legal director of NGO Derechos Digitales
E-mail: daniel @derechosdigitales.org