During the second week of March of the current year, the President signed a bill that originated in the proposal that regulates the protection and treatment of personal data and creates the Personal Data Protection Agency.
This bill introduces some important amendments to Law Nº 19.628 About the Protection of Privacy: it updates the legal definitions and adds an array of new guiding principles that have already been recognised by the OECD.
Among the background that the document cites before the drafting of the articles are the development of the digital economy and the international context in which Chile stands nowadays, notably its current standing within the OECD and the challenges that the OECD's guidelines pose regarding these matters.
Besides seeking to upgrade the legal and institutional framework for the treatment of natural persons' data, this bill also establishes specific objectives, such as “Rely on a control authority of a technical nature and a public institutionality able to undertake regulatory and auditing challenges in the subjects of defence of the people and the treatment of personal data”, among others.
The document describes the basis of the new legislation, taking the permission of the users as a central principle of data treatment.
A central point of this bill is the recognition of the data owner's “ARCO rights”, namely Access, Rectification, Cancellation and Opposition. These rights are indisputable, free of charge, and not subject to conventional limitation.
The bill outlines each of these rights as follows: “The access right allows one to request and acquire a confirmation about the data that is actually being treated by a third party and grants access to it. The rectification right seeks the ability to modify or complete the data when it is inaccurate or incomplete. Cancellation aims for the right to deletion of the data in the cases foreseen by the law. The opposition right allows one to request that the data not be used in a determined manner, also in the cases foreseen by the law”.
The bill also intends to take into account the “Right to be forgotten” with regard to criminal, civil, administrative and disciplinary offences, seeking to diminish access to unfavourable information that affects people's social reputation while, at the same time, establishing a rightful balance with the right of access to information and the public interest regarding the latter.
To ensure data protection, the bill incorporates an accountability regulation for those who are responsible for the data; accordingly, a set of rights and duties is established for them, “such as attest the lawfulness of the data treatment, duty to inform, duty of secrecy and confidentiality, duty of information and disclosure, and the duty to adopt security measures and to inform any breaching of such measures”.
Perhaps the greatest innovation of the bill is the regulation of “Big Data”, meaning the regulation of the automated treatment of large volumes of data, safeguarding the data owner's control over his/her own information while also acknowledging the legality of use and access by third parties, specifically companies.
Francisco Mulatti, Lawyer.
Photo: Rita Morais (CC0)