We invite you to read the publication of Diario Financiero in which our senior associate, Antonia Nudman, commented on the future Personal Data Protection Agency.
The Personal Data Protection Law, passed last August, seeks to regulate the protection and treatment of this type of information and enables the creation of a new body to achieve it. Experts detail the next steps and analyze the powers and scope it will have.
A few weeks after the approval of the Personal Data Protection Law, which establishes the creation of the future Personal Data Protection Agency, discussions are intensifying on the role that this entity, responsible for regulating the adequate treatment of data and ensuring the protection of the rights of its holders, will play.
Among its powers is to dictate rules, supervise and sanction, so its existence is an important step to ensure the effective application of the regulations.
The partner of Cybertrust Latam, Gustavo Ríos, values as ‘very positive’ the fact that an organism is created for this. ‘This new institution will not only have a reactive behavior, but will seek to instill a culture of data protection in our country,’ he notes.
For the partner of the Technology and Data Protection area of Barros & Errázuriz, Andrés Rodríguez, the creation of this agency is a crucial step for effective protection, considering that having an authority in charge generates a sense of greater responsibility and awareness regarding the treatment of personal data. Its role will not only be one of oversight, but also of education and guidance, which will contribute to fostering a culture of privacy and protection of personal data, in accordance with the highest international standards’, he agrees.
It will be key that the compositional structure of this body maintains a cross-industry approach, both from theoretical and practical experience, defines the senior associate of the IP, Tech and Data group of Albagli Zaliasnik, Antonia Nudman. The future authority will have to maintain a high standard, but at the same time be adaptable to different sectors,’ she says.
Road map
Andrés Rodríguez defines four steps as key for the creation of this agency: the appointment of the members of its Board of Directors, which must take place within 60 days prior to the entry into force of the law; the preparation of all the necessary informative material to promote knowledge of the new regulations; the proposal of the agency’s statutes, which must be sent to the President of the Republic within 90 days after the entry into force of the law; and the preparation of the respective regulations, which must be issued within six months after their publication in the Official Gazette.
For Antonia Nudman, the most relevant for its installation will be the appointment of the Board of Directors. There are three counselors, who will be appointed by the President with the agreement of the Senate.
Although the agency is autonomous, the way in which the councilors are appointed carries the risk of a potential political influence in its decision making, which could impact its functioning and the application of the law. However, their decisions may be reviewed by the ordinary justice system, so there would be a counterbalance in cases of possible impartiality’, says the partner of the Technology and Data Protection area of Barros & Errázuriz.
Nudman highlights as something very positive that the sanctioning process has been left under the attributions of this organism, instead of being entrusted to ordinary courts, since the supervision and application of sanctions will be carried out by ‘highly qualified and expert‘ people in personal data protection issues. This promotes a real and effective application of the obligations and principles enshrined in the law, and it is expected that a rich jurisprudence on sanctioning matters will be created, which can guide all the companies that process personal data in Chile‘, he adds.
In the opinion of the National Cybersecurity Coordinator, Daniel Álvarez, the regulation that allows the creation of this institution comes to close the regulatory process that Chile has experienced in recent years in terms of technologies.
During the administration of President Gabriel Boric, the new Computer Crimes Law was enacted, the Fintec Law, the Cybersecurity Framework Law and the Digital Transformation Law are being implemented. Finally, the reform to the Law on Personal Data Protection was passed, so that we could say that we will have a regulatory ecosystem for the digital economy and society’, he says.
