Digital Economy Blog – In the footsteps of Europe: Is Latin America committed to ensuring the security of its data on the Internet?

Data protection on the Internet has become a very important subject. Recognized companies such as Apple have made it their priority and have even launched campaigns to demonstrate their excellence in this field. In Latin America, there are a large number of laws in each country to protect data, but none of these laws are applied in several countries, as is the case in the European Union. This makes the process of enforcing these laws a bit more complex and often leads to some people being unaware of them.

However, although the objectives are similar, the regulations and approaches are different between these two regions.

Data Protection in Latin America

In Latin America, the situation is more complex than in Europe due to the diversity of national regulatory frameworks, while in Europe the General Data Protection Regulation (GDPR), is the backbone of regulation in all the countries. In Latin America, some countries have adopted specific laws, such as Argentina’s law on the protection of personal data, while others have taken inspiration from the GDPR. However, harmonization of regulations across the region remains a major challenge.

The great diversity of countries, cultures and people in Latin America makes it more difficult to harmonize a single law, as is the case in Europe.

Mexico adopted, in 2010, the “Ley Federal de Protección de Datos Personales en Posesión de los Particulares”, set up to regulate the processing of personal data. There is also a special law for the public sector. This law regulates and informs that the consent of the person is necessary to use their data, it controls how the data can be erased and provides for fines in case of non-compliance.

For Argentina, the law called “la Ley de Protección de Datos Personales 25.326” was passed a few years ago and with this law Argentina became the first country in Latin America to be able to share data with the European Union without additional requirements. In the rules made by law, explicit consent to use the data in all cases is provided, and requests can be made by the individuals concerned to rectify or delete their data if necessary. There are also penalties for non-compliance with the law,

For Brazil, the LGPD law came into force in 2020. This law governs the processing of personal data. Also, it requires obtaining consent for the use of personal data, allows individuals to request the deletion of their data and provides for severe penalties in the event of non-compliance by companies. If international data transfers are not handled properly with Brazil, it can be complicated as there is no clear authority to monitor the data.

Colombia has a law called “Ley 1581” put in place to deal with data protection. This law requires permission from the data owner to be obtained to use it, allows individuals to request deletion of their data, and provides for fines for non-compliance. Colombia has a group to ensure compliance with the law.

Finally, Chile passed in 1999, a law called “la Ley de Protección de la Vida Privada” which stipulates that written authorization is required to use the data of individuals, but there is no specific entity in charge. to monitor this. Also, the fines are not very high and reforms are being considered.

Spain is here to help

In collaboration with the European Union, Spain helps Latin America to implement policy and regulations collectively with all or most countries. Spain will share its experience during the implementation of the GDPR, as well as the experience acquired with the Spanish Data Protection Agency (AEPD), which is the regulatory body in Spain and which is also the one of the most efficient in Europe

Although Spain, other countries and the European Union want to help Latin America, there is a long way to go until there is a similar law in each country. Because it is not only about creating the law, but also determining systematic approaches to ensure compliance with the data protection strategy. For this, it is necessary to agree, in all countries, on a regional regulatory body and to harmonize certificates and impact assessments to make them applicable at the regional level and that they are accepted in a equal by the States, as well as other subjects. Therefore, the work would be very extensive to achieve that all countries accept it in a uniform way, and this only begins with raising awareness of the importance of adopting a data protection law.

Although there are advances in some countries to regulate data protection on the Internet, Latin America is moving very slowly. Maybe in the future we will see a similar law in the countries of Central America and another in South America, which will pave the way for a data protection law for all of Latin America, even if that still takes years to arrive.