The Law N° 19.628 regarding data privacy came in force in 1999. Since then, there has been several initiatives to modify this regulation, with no success, notwithstanding the need to have a law consistent with the current state of the art in technology and data processing. The latest was introduced in Congress in 2017 following GDPR standards. Nevertheless, it has been more than 6 years and people are demanding for a better protection of their data and rights, which led to isolated regulations.
In fact, the Consumer Protection Body (Sernac), has been granted with the power to enforce data privacy in consumer relationships, overseeing Law 19,628. However, given the impossibility to properly protect consumers data with this rule, Sernac has interpreted the existing law applying consumer principles and provisions, which led to a questionable interpretation due to its illegality modifying legal basis for data processing, diminishing the consent, and overall establishing standards included in the bill of Law, which still has not come into effect.
Furthermore, the Fintech and Open Finance law was required to include a regulation regarding data protection, otherwise it would have been impossible to establish the basis for an open finance system.
Some may say that, despite isolated regulations, the objective would be achieved, i.e., to have an adequate protection of personal data. However, this legislative technique is inefficient and costly. It generates a high cost of compliance and a challenge due to multiplicity of authorities to ensure compliance with various regulations.
We hoped Chile will soon approve the amendment to Law 19.628, harmonizing regulations and aligning with GDPR standards. In the meantime, it is necessary a detailed analysis of the data processing, to determine the rules that would be applicable.
Article provided by INPLP member: Macarena Gatica (Alessandri Abogados, Chile)
Dr. Tobias Höllwarth (Managing Director INPLP)