log in
All Articles | Back

Member Articles


Bill of Law Which Will Modify the Chilean Data Privacy Act: Comments to the Minutes Sent by the Ministry of Finance to the Congress 

by Guillermo Carey, Paulina Silva

Published: June, 2016

Submission: July, 2016

 



The government recently announced that a bill will be submitted to Congress to modify the Chilean Data Privacy Law N° 19,628 (“DPL”). In connection with the future bill (yet to be presented before Congress), the Ministry of Finance sent to several members of Congress a set of informal minutes outlining the structure and core aspects of the bill.


The following is a summary of the minutes, and an initial legal analysis prepared by Carey. Please note that the minutes are not official and have not been officially published by the government.


 


  • The law will have transversal applicability, binding individuals and legal entities alike, whether public or private. The legal definitions will be updated and expanded in accordance with international standards.
  • Principles of legality, purpose, proportionality, quality, security, responsibility and information will be expressly incorporated.
    • Only some of these principles are captured by the current DPL. These principles will result in new and specific obligations for data controllers.
    • We expect that the security and responsibility principles will involve new obligations related to security measures, and notification obligations related to data breaches, none of which are currently required.
    • The principles of purpose and information should provide clear provisions regarding the minimum content of personal data processing authorizations.
  • Processing of personal data is allowed as permitted by law or upon consent of the data subject.
    • We expect that the definition of “law” in the clause above will allow for broad interpretation under this bill, so that companies will be exempted from the obligation to gather consent, provided they are subject to any other law or sector-specific regulation that compels them to process data.
  • Consent must be first obtained, freely given, unequivocal and informed.
    • Requirements of prior and informed consent are new; notwithstanding that the “prior” requirement was already generally accepted by doctrine and some administrative jurisprudence. The level of detail concerning the “free” requirement will be of great importance.
    • Written consent is replaced by the technologically neutral unequivocal consent; which will in practice allow a more liberal interpretation of manifestations of consent.
    • It will be interesting to see what exceptions arise under this bill. Currently, the LPD does not provide for reasonable exceptions to the obligation to obtain consent (e.g., domestic use, exigent circumstance).
  • Individual’s rights of access, rectification, cancellation and opposition will be free of charge and non-waivable.
    • The right to challenge decisions when the decision is based on automated data processing is not included among these fundamental rights. It is likely that this matter will still be regulated in the law, but as a less fundamental, waivable right.

 



Link to article

 

MEMBER COMMENTS

 

 

WSG Member: Please login to add your comment.

    Disclaimer

WSG's members are independent firms and are not affiliated in the joint practice of professional services. Each member exercises its own individual judgments on all client matters.

HOME | SITE MAP | GLANCE | PRIVACY POLICY | DISCLAIMER |  © World Services Group, 2019