Regulation for the Free Flow of non-personal data
On May 28th, 2019, the Regulation for the Free Flow of non-personal data in the European Union- (EU) 2018 / 1807- entered into force in the territory of the European Community, accompanied by a Guide dedicated to the same theme.
The main objective of said regulation is to grant a regulatory framework to the free movement of data and its processing, as well as to complement the Regulation on the Protection of personal data. Its ultimate purpose is to break down the barriers imposed by the UE States to the treatment and storage thereof and tend to the development of the data economy in and between the countries of the Union.
The regulation in comment deals with the figures related to big data, the implementation of self-regulation codes of companies and entities of all kinds in terms of data, the use of data under the principles of responsibility, seriousness, effectiveness, accessibility, and solidarity among the agents involved in the process, the free mobility of non-personal information, eliminating territorial and/or legal and/or contractual obstacles.
Acces to the data
The access to the data and its free flow in these documents is presented with a hint of fundamental Human Law, allowing endless activities, ranging from the request for information to know in what part of a given territory the price of gasoline is cheaper – consumer rights – until the free exchange of scientific data between public entities, universities, and individuals.
Free flow of information
However, it is noteworthy that the so-called free flow of information has its limits, which are mainly in matters related to public safety, public order and national defense or when a fundamental right is currently or imminently injured.
Likewise, and focusing on the relationship between the Free Flow Regulation and the Protection of Personal Data, it should be noted that these interact between each other when the “mixed data” is treated. Mixed data are those that are made up of personal and non-personal information. In the event that there is a set of mixed data that are undeniably linked, the Free Flow Regulation will prevail over that of Protection, as prescribed by art. 2.2 of the indicated document.
Finally, and as regards the scope of application of the aforementioned instrument, it is of a cross-border nature, and its provisions must be accepted and appropriate to the standards prescribed by it, even when the data processing service provider of countries from the Union, is established there or not. -art. 2, ap. 1 a) –
The Protection of Personal Data is a fundamental right of citizens of inexcusable application by any type of organization, both public and private. In this sense, companies, professionals or any type of organization collect and process data from natural persons (clients, patients, employees, etc.) and, therefore, they are responsible for the security and protection of such data.
In this sense, after the approval of the New General Regulation of Data Protection (RGPD) – 2016 / 679- in the European Union in 2016, with its corresponding entry into force on May 25, 2018, which has repealed Directive 95/46 / EC, the rules of the game have changed not only for the EU countries and their institutions, both public and private, but the wave of updating of the national regulations on this issue has reached Latin America, specifically we refer to countries such as Argentina, Uruguay, Chile and Brazil.
In the case of Argentina, it recently submitted a bill to Congress that would replace the Personal Data Protection Law No. 25,326, which has been in force since 2000, in an attempt to align the country’s data protection standards. with the GDPR. The bill includes the requirements for notification of mandatory non-compliance, the appointment of a DPO in certain circumstances, the right to data portability and the right to be forgotten, as well as the new liability standards. Likewise, through Resolution 159/2018, published in the Official Gazette dated December 5, 2018, the modification of the authority for the protection of personal data was ordered, and so far it has been the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA. With the entry into force of this resolution this year, the new Argentine authority will be ACCESS TO PUBLIC INFORMATION AGENCY.
In this matter of Chile, it has a law dedicated to data protection, Law No. 19.628 on Protection of Privacy, which was published in the Official Gazette on August 28, 1999 (the Law). Currently there is a bill in the Senate, which is about to be approved and would significantly modify Law No. 19,628 on Protection of Personal Data, in order to increase the protection of privacy to comply with international processing standards. of data and the guidelines of the Organization for Economic Cooperation and Development (OECD). It is important to highlight the fact that the Chilean data protection authority was created relatively recently in the year 2017.
With regard to Uruguay, in August of the year 2018, it has adopted a decree that demands that the majority of data controllers register their databases with the Protection and Supervision and Data Supervision Authority.
Finally, Brazil is the Latin-American country that has carried out the most radical change on this matter. On August 14, 2018, Brazil enacted the law “Lei Geral de Proteção de Dados Pessoais (LGPD)”, the first general privacy law in the history of the nation. The aforementioned law, which will become effective on February 16, 2020, is very similar to the GDPR, even in its expansive definition of personal data and its strong emphasis on both the rights of interested parties and the requirement of legal bases for processing. of personal data. This marks a very important milestone in this matter for Brazil, since previously it did not have an appropriate law to regulate the protection of personal data.
In conclusion, and as we mentioned at the beginning of this article, this legislative activity in South America follows a wave of efforts to modernize data protection laws worldwide, which includes other latitudes such as Israel, Japan and South Africa. Therefore, it is to be expected that during the course of 2019 new countries will adhere to this data protection movement.