Chile on the way to GDPR standards

15.01.2024

Even though Chile was the first Latin American country to have a data privacy regulation and has developed one of the most successful economies in the region, has fallen behind regarding data protection.

The Law N° 19.628 regarding data privacy came in force in 1999. Since then, there has been several initiatives to modify this regulation, with no success, notwithstanding the need to have a law consistent with the current state of the art in technology and data processing. The latest was introduced in Congress in 2017 following GDPR standards. Nevertheless, it has been more than 6 years and people are demanding for a better protection of their data and rights, which led to isolated regulations.

In fact, the Consumer Protection Body (Sernac), has been granted with the power to enforce data privacy in consumer relationships, overseeing Law 19,628. However, given the impossibility to properly protect consumers data with this rule, Sernac has interpreted the existing law applying consumer principles and provisions, which led to a questionable interpretation due to its illegality modifying legal basis for data processing, diminishing the consent, and overall establishing standards included in the bill of Law, which still has not come into effect.

Furthermore, the Fintech and Open Finance law was required to include a regulation regarding data protection, otherwise it would have been impossible to establish the basis for an open finance system.

Some may say that, despite isolated regulations, the objective would be achieved, i.e., to have an adequate protection of personal data. However, this legislative technique is inefficient and costly. It generates a high cost of compliance and a challenge due to multiplicity of authorities to ensure compliance with various regulations.

We hoped Chile will soon approve the amendment to Law 19.628, harmonizing regulations and aligning with GDPR standards. In the meantime, it is necessary a detailed analysis of the data processing, to determine the rules that would be applicable.

 

Article provided by INPLP member: Macarena Gatica (Alessandri Abogados, Chile)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.