SEVEN YEARS OF DATA PROTECTION LAW IN LATIN AMERICA
BY PABLO A. PALAZZI
1. INTRODUCTION
Seven years of bad luck if you break a mirror, or so the superstition says. It seems that Latin America has not break any mirror in these last seven years. Luckily, the data protection and privacy legislation is spreading in the region. During the last seven years Chile, Argentina, Paraguay, Peru and Uruguay approved new data protection statutes regulating the collection and use of personal data, and in some cases prohibiting data transfer to countries that do not have adequate protection of privacy. Brazil, Mexico, Ecuador, Colombia and Venezuela have proposed legislation under consideration. Probably more countries will soon follow.
Although these laws are based on the European “model” of data privacy laws, they have important differences. For example in Chile the law protects only individuals, while in Argentina and Peru legal entities are also within the scope of their privacy laws. While the Chilean and Argentinean statutes regulates public and private-sector uses of personal information, the Peruvian law only address private databases. In addition, the Chilean regime does not have a data protection agency, Peru uses its already existing consumer protection infrastructure and Argentina has created a new agency to enforce the law.
Latin American countries does not have a convention or Directive as in the European Union to follow. Therefore, there is no harmonization of their privacy regimes. However, as it will be shown the spirit of the EU data protection model is present in every bill that has been introduced in the legislatures of Latin American countries.
This paper briefly outlines the state of data protection law in each of those countries and propose that those countries should try to converge in a unique model of data protection to avoid the problem encountered in Europe with different privacy rules.
