Wave of Personal Data Updates in Latam
The Protection of Personal Data is a fundamental right of citizens of inexcusable application by any type of organization, both public and private. In this sense, companies, professionals or any type of organization collect and process data from natural persons (clients, patients, employees, etc.) and, therefore, they are responsible for the security and protection of such data.
In this sense, after the approval of the New General Regulation of Data Protection (RGPD) – 2016 / 679- in the European Union in 2016, with its corresponding entry into force on May 25, 2018, which has repealed Directive 95/46 / EC, the rules of the game have changed not only for the EU countries and their institutions, both public and private, but the wave of updating of the national regulations on this issue has reached Latin America, specifically we refer to countries such as Argentina, Uruguay, Chile and Brazil.
In the case of Argentina, it recently submitted a bill to Congress that would replace the Personal Data Protection Law No. 25,326, which has been in force since 2000, in an attempt to align the country’s data protection standards. with the GDPR. The bill includes the requirements for notification of mandatory non-compliance, the appointment of a DPO in certain circumstances, the right to data portability and the right to be forgotten, as well as the new liability standards. Likewise, through Resolution 159/2018, published in the Official Gazette dated December 5, 2018, the modification of the authority for the protection of personal data was ordered, and so far it has been the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA. With the entry into force of this resolution this year, the new Argentine authority will be ACCESS TO PUBLIC INFORMATION AGENCY.
In this matter of Chile, it has a law dedicated to data protection, Law No. 19.628 on Protection of Privacy, which was published in the Official Gazette on August 28, 1999 (the Law). Currently there is a bill in the Senate, which is about to be approved and would significantly modify Law No. 19,628 on Protection of Personal Data, in order to increase the protection of privacy to comply with international processing standards. of data and the guidelines of the Organization for Economic Cooperation and Development (OECD). It is important to highlight the fact that the Chilean data protection authority was created relatively recently in the year 2017.
With regard to Uruguay, in August of the year 2018, it has adopted a decree that demands that the majority of data controllers register their databases with the Protection and Supervision and Data Supervision Authority.
Finally, Brazil is the Latin-American country that has carried out the most radical change on this matter. On August 14, 2018, Brazil enacted the law “Lei Geral de Proteção de Dados Pessoais (LGPD)”, the first general privacy law in the history of the nation. The aforementioned law, which will become effective on February 16, 2020, is very similar to the GDPR, even in its expansive definition of personal data and its strong emphasis on both the rights of interested parties and the requirement of legal bases for processing. of personal data. This marks a very important milestone in this matter for Brazil, since previously it did not have an appropriate law to regulate the protection of personal data.
In conclusion, and as we mentioned at the beginning of this article, this legislative activity in South America follows a wave of efforts to modernize data protection laws worldwide, which includes other latitudes such as Israel, Japan and South Africa. Therefore, it is to be expected that during the course of 2019 new countries will adhere to this data protection movement.