SIC Seeks to Apply the “TateQuieto” to Facebook
As it was commented in a previous article[i], following the wave of strengthening and control of the community and national legislations initiated in the European Union in relation to the acquisition, use and management of personal data, many Latin American countries began to adapt their corresponding regulations to be in tune with this international practice. But not only at a normative level this phenomenon is occurring, but also the Public Administration began to take some measures following this protection line.
In this regard, in Colombia, the Government made a “preventive nature call to the virtual platform ¨Facebook¨, in which an important amount of user data is stored and processed. According to this order, Mark Zuckerberg’s company must implement “useful and effective security measures” in this country, within 4 months, in order to increase the protection of personal data of Colombian users. But not only must implement the aforementioned measures, but also must demonstrate compliance through a certification issued by an independent, impartial, professional and specialized in information security issues, which may be chosen by the famous social network whenever it is alien to any subordination of it.
Through this “tatequieto” –Colombian slang to refer to “put an end to a conduct”-, the Superintendence of Industry and Commerce (SIC) aims to ensure the security of personal data of more than 31 million Colombians using the network Social. Therefore, the measures taken by Facebook must be “appropriate, useful, effective and demonstrable” to comply with all the requirements of the principle and duty of security in Colombian regulation, avoiding unauthorized or fraudulent access, unauthorized use or fraudulent, unauthorized or fraudulent consultation, unauthorized or fraudulent adulteration or unauthorized or fraudulent loss to the data of its users.
As mentioned in the beginning, this order is not alien to the changes that are taking place at the international level about this matter, but it is related to the facts, investigations and actions of data protection authorities that took place in the United States, Ireland, Great Britain, France, among others, and is based on the protection of personal data is a constitutional and fundamental right in the Republic of Colombia. Therefore, it would not be a surprise if similar measures are taken in the future in other countries of the region.
[i] ¨Wave of Personal Data Updates in Latam¨, by Maria Sol Porro, 29 January, 2019 (lINK: https://www.moellerip.com/wave-of-personal-data-updates-in-latam/).