/ Legislative Summary of the Year in Privacy and Technology: Data Bill moves to second constitutional stage

20 January, 2022

Jaime Urzúa W.
Associate Alessandri Abogados


The year 2021, strongly marked by the pandemic, further accelerated the digital transformation in all its spheres.  The bills processed in Congress will raise the compliance standards of those subject to the laws, which will mean a great challenge for some industries.  Below is a summary of the main progresses in this area, along with what are expected to be the most relevant aspects for 2022.

Bill 11,144, which regulates the protection and processing of personal data and creates the Personal Data Protection Agency.

Information: this bill completely reforms Law 19,628 on private life of individuals and introduces the creation of the Personal Data Protection Agency, which will be the institution in charge of supervising and sanctioning compliance with the new rules.

Status: the bill has just passed to the second constitutional stage, since last Tuesday, January 25 the Senate sent the bill to the Chamber of Deputies. In this instance, the text will be reviewed by the Constitution, Legislation, Justice and Regulation Committee and by the Finance Committee of the Chamber. During 2021, the executive branch presented indications aimed at replacing the Council for Transparency with an independent Data Protection Agency and changes were proposed to the fine regime.

What to expect: the government has urged to advance as much as possible the processing of this bill before the change of office.  On the other hand, the government program of President-elect Gabriel Boric provides for the promotion of a national data policy, in which one of its axes consists of a new personal data law.


Law 21,398 that establishes measures to encourage consumers’ rights protection (Pro-Consumer Law).

Information: published on Decem4, 202ber 21, the so-called Pro-Consumer Law proposes a series of new obligations to suppliers of different markets (financial and aeronautical, among others), and incorporates supervisory powers of Sernac and collective actions in matters of personal data protection. Read more details.

What to expect: the agency has emphasized its role as personal data protection supervisor as a supplement to that of other sectorial authorities, so it is expected to initiate processes aimed at reviewing possible abusive clauses in terms and conditions, privacy policies and cookie notices, among others.


Bill 14,570 that promotes competition and financial inclusion through innovation and technology in the provision of financial services (Fintech Law).

Information: this bill creates a regulatory framework for the provision of technological financial services, incorporating Fintech companies into the CMF’s scope of oversight. Among other things, it regulates crowdfunding platforms and promotes competition through a system of open banking.

Status: the bill is in the second constitutional stage in the Senate Finance Committee, awaiting its dispatch to be voted in the Chamber. Multiple legislative urgencies have been introduced to accelerate its processing.

What to expect: the bill had great support in its stage at the Chamber of Deputies, so it is expected to progress with the same speed in the Senate, perhaps even without the need to be reviewed by a joint committee.


Bill 13,828-19 on the protection of neuro-rights and mental integrity, and the development of research and neurotechnology..

Information: this bill creates a regulatory framework for the protection of the physical and psychological integrity of individuals by protecting the privacy of neural data. It also introduces a series of legal definitions such as neurotechnology, neuro-rights, neural data and brain-computer interface, as well as encouraging the study of these matters by the State.

Status: the bill is in its second constitutional stage in the Future, Science, Technology, Knowledge and Information Committee of the Chamber of Deputies. It currently has simple urgency.

What to expect: the project has raised certain criticisms regarding its content, although it has managed to progress in the legislative process with some indications. If approved, it would be the first law regulating these matters in the world.


Bill 14,561-19 on digital platforms.

Information: this bill introduces a specific regulation for digital platforms and their users, establishing obligations to the providers of such platforms and even making them responsible for the content available on them.

Status: the bill is in the first constitutional stage in the Future, Science, Technology, Knowledge and Information Committee of the Senate, awaiting a new first report to be reviewed and then vote on the bill in general in the Chamber.

What to expect: the bill has been strongly criticized by several trade associations and others from the academic and private world, given its lack of clarity regarding the problem it intends to solve and what it offers, in addition to the broadness of certain definitions and the multiple restrictions to freedom of expression.  With the recently introduced bill 14,785 on digital platforms and social networks, being processed in the Chamber of Deputies, it is expected that both will converge in a coherent text.


Bill 14,743 which creates a Consolidated Debt Registry.

Information: the purpose of this bill is to expand the information on financial obligations of individuals, so that the system not only reflects negative information or past-due obligations, but also information on good payment behavior, so that they can make use of their reputational capital and access the credit market under better conditions.  It also creates a Consolidated Debt Registry in charge of the CMF, which will have the necessary powers to regulate and supervise the agents of the commercial information system.

Status: the bill is in its first constitutional stage in the Committee of Economy, Promotion and Development of the Chamber of Deputies, awaiting approval in particular.


General Applicability Rule No. 454 of the CMF.

Information: this regulation came into force on September 30, 2021 and establishes a series of principles and obligations associated with an adequate operational risk management and cybersecurity system that serve as a basis for the evaluation of insurance and reinsurance companies by the CMF.  It also establishes that the board of directors of these companies must approve the policies in which such principles are implemented in the company and monitor their compliance with them.


Circular Letter No. 119 of the Superintendence of Gaming Casinos.

Information: this regulation came into force on October 12, 2021 and establishes certain cybersecurity obligations to the operating companies and concessionaires of gaming casinos.  The circular letter imposes the adoption of technical and organizational measures to identify risks, establish mitigation controls and the management of cyber incidents, establishing the obligation to report to the Superintendence when such events occur.