1. Introduction: MERCOSUR-EU Agreement and the legislation on Data Protection
As is well known, last year, after several rounds of negotiations, the agreement between Mercosur and the European Union on economic matters emerged. Said agreement included matters related to customs duties, exchange of goods and services, sanitary measures, intellectual and industrial property rights, SMEs, dispute resolution, among other issues of relevance to both blocks.
Among these issues, although not as an integral part of the text of the agreement, discussions related to the Protection of Personal Data were also included. Currently, the States of the European Union are governed by the General Data Protection Regulation, or by its acronym, the GDPR, which is mandatory since May 25, 2018. During her visit to Argentina, in July of last year, the European Commissioner for Justice, Consumers and Gender Equality Vera Jourova, spoke about the benefits that the regulation and harmonization of data protection legislation would bring to both blocs.
For sure the EU is at the forefront in this matter, and in order to enable the advancement of this agreement for both blocs and above all, for the MERCOSUR countries, it is necessary that their laws harmonize with the provisions and principles of the GDPR, as which would bring about a quantitative and qualitative leap towards respect for the individual rights of people, the self-determination of the person regarding the processing of their data on the internet and in files, the final recognition of data protection as a fundamental human right, among other conquests.
Nowadays, in the current global situation of the coronavirus pandemic that hits the whole world, the negotiations have stalled, since there are urgent issues to address regarding the countries that make up each block. However, it is noteworthy that the will to move forward is intact.
That is why is necessary to carry out a review of the situation in which the laws of the MERCOSUR countries are in relation to the Protection of Personal Data, and why it is almost mandatory to use this time to be able to adapt them to the required standards by the EU in order to finally reach the conclusion of the negotiations carried out at the time of carrying out the revision of the Agreement between the two trade blocs.
2. Country by Country: MERCOSUR-EU Agreement and the legislation on Data Protection
The law that regulates the protection of personal data in Argentina is Law 25326, enacted on October 4, 2000, and is currently in force.
This law regulates what pertains to the treatment of personal data, its classification, the principles that should govern its treatment, international transfer of data, the rights of its owners, and the resources and actions that they have both administrative as well as judicially to obtain the deletion, rectification, modification, addition and correction of the data found in files or databases, both public and private, and the obligations of the owners of said files or databases when collecting and processing personal data.
In Argentina, the enforcement authority regarding Personal Data and Access to Public Information is the National Agency of Access to Public Information, which has a secretariat that is in charge of regulating and supervising everything related to personal data and the compliance of the Personal Data Protection law, which is the National Office of Protection of Personal Data.
In 2018 a Bill was presented to amend the Data Protection law and bring it as closely as possible to the GDPR standards, but unfortunately, the bill lost parliamentary status this year.
In 2018 it was sanctioned the new Law on Personal Data Protection – No. 13,709 LGPD-. On August 26 the Brazilian Parliament decided that the suspension of its enforceability would not be extended, so it is the law that is currently in force in Brazil to regulate everything related to the protection of the personal data of natural persons, processed both within the borders of the country, and by foreign companies that process data of persons located in Brazil.
This law has many points in common with the European General Data Protection Regulation, establishing an adequate legal framework regarding the collection, processing, and storage of personal data in general and sensitive data in particular, as well as the obligations and responsibilities of those –processors and controllers- who collect, process, select and store personal data, and may be liable –in case of non-compliance with the provisions of the law-, to be sanctioned administratively, civilly and criminally.
Likewise, it establishes the rights of the holders of personal data to grant informed consent for the collection and processing of their data and to control access, correction, rectification, updating, anonymization, and deletion of their data that are contained in databases both public and private.
For this law, it is mandatory -in certain cases- the need to have a Data Protection Delegate, and the enforcement authority is the National Data Protection Agency of Brazil.
In Paraguay, the Protection of Personal Data is regulated not only in the country’s Constitution but is also based on Laws No. 1682/2001, 1969/2002, which amends the first one and Law 5542 / 2015.
This set of laws regulate, among other issues: the processing and treatment of personal data contained in files, records, and public and private databases. The collection, processing, and treatment of personal data is only allowed for scientific, economic, statistical, or marketing purposes.
However, the current legislation establishes nothing regarding the figures of the database administrator; but it does regulate obligations pertaining to those responsible for said bases. Nor does it make a distinction between processors and controllers. Nor does it establish any obligation to report data breaches or incidents that occur with personal data.
The international transfer of data and its regulatory framework is not established in the legislation of Paraguay.
Likewise, there is no authority in Paraguay that regulates matters relating to the Protection of Personal Data and compliance with the law.
Finally, although the law does not establish anything regarding the possibility of making claims before administrative or judicial entities for violation of Personal Data, the penalties are established by other regulations, which allow those whose data have suffered any violation the right to claim before civil or criminal justice the pursue of a compensation.
There is a bill presented to the Paraguayan Parliament in 2019.
In Uruguay, personal data is ruled by Law No. 18,331, amended by Law No. 19,670, whose regulatory decree 64/020 modified certain articles of the first-mentioned law.
The law regulates the following aspects: a) it establishes a sort of glossary with definitions pertaining to personal data and the principles applicable; b) it also regulates the registration of the databases of the entities that collect and process personal data, whether they are located in Uruguay or process personal data of persons residing in Uruguay -under certain circumstances-; c) Establishes for public and private entities the need to have a Data Protection Officer and its obligations and responsibilities thereof; d) the need to have the informed consent of the owner of the data to collect, process and treat said data; e) the international transfer of data, the cases in which it proceeds and the requirements to transfer data to third parties; f) the obligations of the person in charge and the administrator of the databases; g) In the event of personal data breached or incidents that occur with them, the collectors, processors and responsible of the databases has to give notice and take the necessary measures to minimize risks; h) administrative sanctions concerning non-compliance with the rules contained in the law, ranging from warning to imposition of fines.
The application authority in the field of Data Protection in Uruguay is the Regulatory and Control Unit of Personal Data.
In February 2020, Law 19,670 was regulated, which among other issues complements Law 18,331 in terms of: 1) the adoption by the person responsible for the treatment of technical and/or organizational security measures to avoid and/or minimize incidents and breaches that may occur with personal data; 2) the promotion of national and international standards on cybersecurity; 3) the documentation of such measures and the planning and impact assessment regarding Personal Data.
3. Conclusion: MERCOSUR-EU Agreement and the legislation on Data Protection
After having made a brief reference to the Agreement between the European Union and Mercosur and the current state of the negotiations, reviewing the legislative situation of some of the countries that make up this last regional bloc, the truth is that it is essential to have an adequate level of protection of personal data, especially due to the extraterritoriality principle generated by compliance with the provisions of the GDPR and the cross-border flow of data.
Today we are witnessing a new era in human rights, where digital self-determination is no stranger. Where the right to digital existence of people cannot be overwhelmed over other issues such as those of an economic nature. That existence must be protected against any kind of violation.
Likewise, it is necessary to harmonize the laws of both economic blocs, which pushes MERCOSUR to take all the necessary steps to adapt its laws and regulate this new human right as an imperative, in order to achieve safer agreements in pursuit of a conciliatory and protective globalization of this new right that appears today.
Finally, it is worth highlighting the position that countries such as Argentina and Uruguay have in terms of recognition by the European Union regarding the adequate level of protection that these countries ensure to Personal Data, which places them at the forefront in the region.
However, it is mandatory for Argentina to update its law in order to continue maintaining that position in the face of the constant requirements of a globalized world both materially and digitally.
Through Resolution DINAPI/RG/N° 10/2016, issued by the Paraguayan Patents and Trademarks Office (henceforth DINAPI) on October 31, 2016, has changed the way in which trademark registrations are renewed.
As of November 7, 2016, all renewals must be filed through the electronic form that was approved by DINAPI on July 1, 2016. Furthermore, this resolution ordered the DINAPI’s Informatics Department to develop a mechanism for constant update of the information in the databases of the Office, in order to simplify and speed up the uploading of renewal applications.
Finally, this resolution prohibits DINAPI’s administrative employees from receiving any renewal applications that are not filed in the new forms.
With these changes, the whole procedure will most likely be much faster and simpler, both for the applicants and for the DINAPI employees, who will have a more complete database, access to information and an easier task when approving applications.
Despite the fact that most times changes are rejected or looked down upon by the society, who is used to a way of proceeding, the new methodology provides a new level of transparency to the DINAPI system and database. This will hopefully strengthen the DINAPI’s management and provide a better service.
Resolution DINAPI/RG/N° 10/2016, available in Spanish under: http://www.dinapi.gov.py/application/files/2714
Renewal form: http://www.dinapi.gov.py/index.php/Read More
The Paraguayan Customs Authority, after receiving inside information, ordered the seizure of a shipment arriving at Asunción’s International Airport “Silvio Pettirossi”’s main terminal.
This inspection took place on September 27, 2016, when special agents of the Customs Investigation Administrative Coordination (CAIA) proceeded to control the paperwork of shipments, as well as the cargo. From this inspection, the officers found a box containing a white colored dust, of about 26 kilograms. Allegedly, this products was “xanthum gum,” as was detailed in the cargo documents.
This element is used in chemistry, and difying the texture of food products, emulsifying cosmetics and pharmaceutical products. It is also used in the oil industry, as well as in heavy machinery and mining.
However, and after a series of tests, it was proven that the product was not, in fact, xanthum gum, but rather lidocaine, a legal substance, but with illegal uses, such as cutting and bulking illegal drugs.
The cargo containing the lidocaine was shipped from the People’s Republic of China, and made port in the United States of America and the Argentine Republic before being seized in Paraguay, where its final destination was Ciudad del Este.
This shipment was found to be in violation of the local regulation in connection to this particular chemical product (Resolution No. 563 of year 2009). In fact not only were the minimum requirements for the commercialization of lidocaine overlooked, but the shipment was also concealing another product.
The Public Ministry continues the investigation.
The Paraguayan Customs Authority continues efforts to detect and stop the trafficking of substances for human, animal and vegetal use, and deterring illegal use.
The International Anti-Counterfeiting Coalition (IACC) recently filed a report before the U.S. State Department highlighting the efforts of the Paraguayan National Office of Intellectual Property (DINAPI), in the fight against piracy and counterfeiting.
The IACC is a non-profit organization dedicated to fighting against counterfeiting and product piracy and guides work by countries in this area. It also proposes which nations should be included in the Watching List 2016. In an effort to ensure its members’ intellectual property rights are safe from illegal copying, infringement and other forms of theft, the IACC engages in substantive dialogue with governments and rights-holders around the world.
With regard to Latin American countries, the IACC recommends DINAPI authorities take the necessary steps to improve the system of intellectual property rights, such as strengthening coordination between law enforcement and customs officials, and among trading partners in the region, such as Brazil and Argentina.
Paraguay has been monitored by the office of the United States Trade Representative (USTR) since 1998. Subsequently, a memorandum of understanding with the U.S. government was signed, after which Paraguay was removed from the List of Special Enforcement 301, which reflected a new image for the country internationally.
For more information about IACC, please click here.
If you are interested in reading the complete recommendations send by IACC to the office of the United States representatives please click here.
The Paraguayan Patent Office (DINAPI) recently issued Resolutions RG 28/2015 and RG 01/2016 establishing a grace period until February 29, 2016, for the payment of pending substantive examination and annuity fees, respectively. After that date, DINAPI will declare ex-officio all patent applications not having paid said fees lapsed and/or abandoned.
Article 30 of the Paraguayan patent law establishes that failure to pay maintenance fees for a patent application or a patent will cause it to lapse.
However, before resolution RG 28/2015 there was not unified criteria on whether DINAPI should declare a patent application or a patent lapsed ex-officio or by request from a party.
Likewise, Article 25 of the Paraguayan patent law establishes that the substantive examination will be performed after the applicant pays the corresponding fees, which have to be paid within three years from the filing date. Otherwise the application will be deemed withdrawn.
However, before resolution 04/2015 of April 6, 2015, in practice the substantive examination fee did not have to be paid until the application was ready for the substantive examination, that is, after the application had been subjected to the preliminary examination and the publication.
Local PTO (DINAPI) authorities verified alleged counterfeited goods in the private port of “Caacupemí” in Paraguay. Approximately 9,580 boxes containing cell phones identified with well-known trademarks along with their accessories were seized.
About 20,000 watches with distinctively known brands, 32,000 sunglasses, 10,000 shaver accessories and ladies wallets identified with the trademark “Lois Vuitton” and “Saint Laurent” were also seized. The total value of the retained goods is approximately $13.7 million.
DINAPI is the local authority that fights against piracy and counterfeiting in order to improve the commerce of Paraguay.
Source: www.dinapi.gov.pyRead More
The local PTO (DINAPI), seized a container with an approximate total value of $ 2,900,000 in the city of San Antonio. This city is located along the River Paraguay (Rio Paraguay).
The seizure was carried out jointly with the Customs Administrative Coordination (Coordinación Administrativa de Investigación Aduanera CAIA) which depends on the National Customs Directorate (Dirección Nacional de Aduanas) and the district attorney’s office.
The seized container included diverse type of products: about 25,750 units of perfumes with famous trademarks; 62 boxes with 60 Olympia´s balls each. Likewise, they had corroborated makeup products, clothing items attached with world known brands widely used among consumers.
Source: www.dinapi.gov.pyRead More
The National Office of Intellectual Property (DINAPI) endorsed a Memorandum of Understanding with the Spanish Patent and Trademark Office (SPTO). The agreement includes the development of a program of institutional cooperation concerning intellectual property.
The agreement will run for three years, automatically renewed. The goal of the cooperation is to increase assistance between both trademark offices in the field of industrial property. The document also outlines contributions of human and material resources, and technical capacity for the implementation and fulfillment of the objectives, as well as encourages exchange of patent data.
The document establishes the implementation of technical training programs in the areas of patents and trademarks, as well as training projects in relation to search of technological information, and the direct participation of examiners chosen jointly by the SPTO and DINAPI.
Source: www.dinapi.gov.pyRead More
The Paraguayan Patent Office (DINAPI) recently issued Resolution No. 19/2015 extending the deadline to pay the substantive examination fee for patent applications until December 30, 2015.
The previous deadline of July 10, 2015, had been established in April 2015 by means of Resolution No. 04/2015.
Paraguayan patent law establishes that the substantive examination will be performed after applicant pays the corresponding fees, which have to be paid within three years from the filing date, or the application is deemed withdrawn.
However, before resolution 04/2015, in practice the substantive examination fee did not have to be paid until the application was ready for the substantive examination, that is, after the application had been subjected to the preliminary examination and the publication.
After the extended grace period of December 30, 2015, all patent applications affected by the resolution that have not paid this fee will be deemed to be withdrawn.
The Senate recently approved by a large majority a project which “urges respect for national laws and international treaties signed and ratified by the Republic of Paraguay concerning intellectual property.” This project is known as “Resolution No. 91” (Declaración N° 91).
The bill was introduced by Senator Miguel A. Saguier, who argues that authors, performers and producers, as well as collective management organizations, are losing rights “by people who pretend to ignore the rights given by the laws and their scope.”
Article No. 2 of the bill stipulates the “support for authors and Cultural Workers and especially the musical field, so that they can continue creating, playing freely, for the enjoyment of Paraguayans as well, with the right to a fair remuneration.”
For more information regarding this project, click here
Source: www.dinapi.gov.pyRead More