By Maria Sol Porro, Trademarks Lawyer, and University Professor
The new filter that allows users to age their faces has caused FaceApp to be in the number one of downloads, on the one hand, and in the eye of the storm, on the other. The alarm has jumped when it has been discovered that the app does not notify at any time that the photos are processed in the “cloud”. When a photo is uploaded so that the faces appear older, younger or of another sex, the application sends it to a server that processes the file and returns it to us with the desired retouching, giving access to said data to all the signatures of the group Russian ¨Wireless Lab¨, the owner of FaceApp, as well as those unknown companies that become “affiliates.”
The National Authority for the Protection of Personal Data (ANPDP), which belongs to the Ministry of Justice, imposed fines for a total of $ USD 232,271.- to public and private institutions that violated the personal data protection law. According to the Peruvian law which governs this matter (Law No. 29733 of Protection of Personal Data of Peru), the processing of personal data requires, as a general rule, obtaining the free, prior, informed, express and unambiguous consent of its owner, except as provided in the law. Likewise, security measures must be implemented to protect the collected personal data, such as documenting security protocols for access and privilege management, as well as periodically reviewing the aforementioned privileges, among others.
Example of this new policy followed by the National Data Protection Authority was one of the last sanctions imposed on ¨Supermercados Peruanos S.A.¨, which had collected personal data without the authorization of its clients. Likewise, security measures were not implemented and the Authority was not notified of the transfer of data outside the Peruvian territory.
Also, during 2018, the ANPDP also prepared 105 final reports of instruction, made 283 visits to public and private institutions on personal data, and …Read More