Skip to main content

Chile on the way to GDPR standards.


Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection.

The Law N° 19.628 regarding data privacy came in force in 1999. Since then, there has been several initiatives to modify this regulation, with no success, notwithstanding the need to have a law consistent with the current state of the art in technology and data processing. The latest was introduced in Congress in 2017 following GDPR standards. Nevertheless, it has been more than 6 years and people are demanding for a better protection of their data and rights, which led to isolated regulations.

In fact, the Consumer Protection Body (Sernac), has been granted with the power to enforce data privacy in consumer relationships, overseeing Law 19,628. However, given the impossibility to properly protect consumers data with this rule, Sernac has interpreted the existing law applying consumer principles and provisions, which led to a questionable interpretation due to its illegality modifying legal basis for data processing, diminishing the consent, and overall establishing standards included in the bill of Law, which still has not come into effect.

Furthermore, the Fintech and Open Finance law was required to include a regulation regarding data protection, otherwise it would have been impossible to establish the basis for an open finance system.

Some may say that, despite isolated regulations, the objective would be achieved, i.e., to have an adequate protection of personal data. However, this legislative technique is inefficient and costly. It generates a high cost of compliance and a challenge due to multiplicity of authorities to ensure compliance with various regulations.

We hoped Chile will soon approve the amendment to Law 19.628, harmonizing regulations and aligning with GDPR standards. In the meantime, it is necessary a detailed analysis of the data processing, to determine the rules that would be applicable.


Article provided by INPLP member: Macarena Gatica (Alessandri Abogados, Chile)



Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.