Protection of personal data is an issue that has gained relevance in the last year in all parts of the world. An example of this phenomenon is the implementation of the General Regulation of Personal Data (GDPR) in the European Union in 2018 or the new laws, modifications to the current ones or judicial decisions on the matter, that Latin American countries began to implement to be in accordance with the community regulations.
In this respect, in a recent judicial ruling, the Supreme Court of Justice of the Nation of Mexico (SCJN) analyzed the pertinent period to keep personal data within the Law for the Protection of Personal Data in Possession of Obligated Subjects of the State of Guerrero and determined the invalidity of a portion of the regulations since it established generic terms for the preservation of personal data.
In this sense, the Court understood that this generic term was in violation of the right to the protection of these data, since the treatment of them requires individualization in each specific case, so to decide what deadlines to apply should be attended to the applicable provisions in the matter in question.
As a …Read More
On May 25, 2018 the European Union, after its approval in Parliament and its European Council, came into force the General Data Protection Regulation (GDPR), in order to unify the regulations of all the Member States on the matter. Faced with this new regulation, which affects both, citizens and European companies, the complex exit of the United Kingdom from the Union, for which a new date has been set for October 31st* of this year, is one of the biggest concerns for the community companies that operate in the Anglo-Saxon country.
Faced with this situation, different hypotheses are presented taking into account whether the English House of Commons decides to leave the EU with an agreement, also known as the “Soft Brexit”, or without agreement, giving way to a Hard Brexit”.
In the event that the exit situation happens within an agreement, or the so-called “Soft Brexit”, the GDPR will continue to be applicable during the transition period set by the aforementioned agreement, creating a period of transposition of laws as a result. From that date, the United Kingdom would have until December 31st, 2021 to sign new treaties with the European Union, …Read More
The interaction of Personal Data Protection and Artificial Intelligence (AI) becomes particularly interesting when issues arise from the use of personal data with AI.
The new General Data Protection Regulation (GDPR) of the European Union (EU), which entered into force on 25 May 2018, aims to give control to citizens of and residents in the EU over their personal data.
Regarding AI, in particular, GDPR aims to create transparency rights and safeguards against automated decision-making, meaning decisions that are made by machines when personal data is used.
In essence, GDPR states that:
When companies collect personal data, they have to say what it will be used for, and not use it for anything else.
Companies are supposed to minimize the amount of personal data they collect and keep, limiting it to what is strictly necessary for those purposes stated. They also are supposed to put limits on how long they hold that data, too.
In short, companies must tell people what data they hold on them, and what’s being done with it.
Companies should be able to alter or get rid of people’s personal data if requested.
If personal data is used to …Read More