/ Chilean Senate Comission approves the new Data Protection Agency. Challenges in the new institutionality

29 November, 2017

The scope regulate special statutes of data protection (personal, sensitive, health, biometrics, geolocator, children and adolescents) and also regulate the international data transfer.

On March 11th, 2017, the government merged two data protection bills that were submitted this year to the congress, the Senate Motion Bulletin 11092-07 with the presidential message bulletin 11144-07, to amend the law No. 19,628 on Protection of Private Life, dating from 1999, adapting the Chilean standards to those stated by the Organization for Economic Cooperation and Development (OECD), of which it is party since 2010.

To date, the draft law l is in the first legislative passage before the Senate, with an office to the Supreme Court for the review of the legal aspects.

The modifications proposed by this legislative initiative will imply a substantial change in the currently regulatory scenario on data collection and processing, leading to challenges in this matter.

In first place, the draft law states the creation of a Personal Data Protection Agency, responsible for overseeing, monitoring and protecting the rights enshrined in the Law, with powers to regulate, supervise, control, and ultimately sanction violations of the law, of which any affected owner may be subject to. Therefore, all those entities who collect and process data must relate to this new regulatory entity, which will supervise, control, and ultimately sanction non-compliance with the Law.

Secondly, this bill empathizes the strengthening of the rights of the holders of data, through the incorporation of the guiding principles recognized in the OECD Guidelines, and the recognition of the so-called ARCO rights, the right of access, rectification, cancellation and opposition, Moreover, It will imply that the companies and individuals that collect and perform data processing should revise that the aforementioned activities comply with those principles, and that they will have the appropriate response tools, in the event that a holder makes use of his ARCO rights.

Finally, the bill incorporates a specific regulation for the international transfer of personal data, which may imply new business opportunities, because if fulfilled, Chile could be considered a safe port for data processing, therefore, enables that different companies begin to perform these activities in Chile.

The challenges that a new institutionality in terms of data protection will entail and involve several fronts, and will substantially affect the way in which data processing has been carried out to date in Chile, therefore, a proactive action, ahead of the entry into force of this new legislation, it is highly recommendable.