Additional News and Resources
Argentina's AAIP creates AI transparency and protection of personal data program
On 4 Sept., Argentina's data protection authority, the Agency of Access to Public Information, published Resolution No. 161/23. which created the Transparency and Protection of Personal Data Program in the use of Artificial Intelligence. The Director of the AAIP, Beatriz Anchorena, said, "We continue to strengthen institutional capacities to incorporate transparency and the protection of personal data … in the development and use of artificial intelligence." The program's general objective is ... Read More
Ecuador's PDPL: Challenges before entry into force
The entry into force of the EU General Data Protection Regulation in May 2018 prompted the creation and adaptation of different regulations on personal data protection worldwide. Ecuador was no exception, and on 26 May 2021 the Organic Personal Data Protection Law, the first law in Ecuador focused exclusively on regulating and guaranteeing personal data protection, entered into force. The first transitory provision of the PDPL provided that "the corrective measures and the sanctioning regime wi... Read More
Argentina: Draft bill on personal data protection
In August, Argentina's Agency of Access to Public Information, the data protection authority of the Argentina Personal Data Protection Law, initiated the process aimed at reforming the personal data protection regime. Personal Data Protection Law No. 25,326 passed in 2000 and complemented by Regulatory Decree No. 1558/2001 and several resolutions, rules and guidelines issued by the DPA. During that time, no substantial amendments were introduced to the text of the PDPL. Meanwhile, Argentina joi... Read More
Information Security Standards for the main regulated sectors in Brazil
This report, published by Opice Blum, outlines information security standards for the main regulated sectors in Brazil. Read More
Surveillance Tech in Latin America: Made Abroad, Deployed at Home
This report, published by Access Now, analyzes the use of surveillance technologies, specifically in Argentina, Brazil and Ecuador, highlighting the vendors behind the technologies being sold, the relationships between these governments and the vendors, and each vendor’s human rights record. Read More
El Salvador passes Personal Data Protection Law
The Legislative Assembly of El Salvador's Economic Commission voted 56–0 to pass the Personal Data Protection Law. The regulation provides data subject rights, data security requirements and a tiered fining scheme. The law will take effect one year after it is published in the Official Gazette, but those covered under the law will receive a six-month grace period to transition their systems into compliance.Full Story... Read More
Ecuador's draft Data Protection Bill
Ecuador is on the cusp of having its first data protection law. The Data Protection Bill is currently being debated in Congress and follows the European regulatory standard. Data protection has not been a priority in the Ecuadorian legal system. Even though the Constitution recognizes the right of data protection and the constitutional guarantee of habeas data, there has not been a specific law created regarding the scope and obligations for data protection. Instead, data protection legislatio... Read More
Peru publishes 2020 activity report
Peru's National Authority for the Protection of Personal Data released its 2020 activity report. The ANPD carried out 305 inspections while processing 142 complaints and issuing fines totaling 3.5 million soles. The COVID-19 pandemic was noted as a factor for increased activity statistics as ANPD saw how "the massive collection of personal data by government agencies and individuals was intensified."Full Story... Read More
Updates to Argentina's health privacy laws
Recently and in the context of the COVID-19 pandemic, the Argentine Congress passed Law No. 27.553 on Electronic or Digital Prescriptions. The EoD Prescriptions Law provides for certain measures to modernize the Argentine health system. Among others, it allows health care providers to prescribe medicines through electronic or digital prescriptions and sign them by hand, electronically or digitally. The law also states the implementation of electronic and digital signatures on electronic or dig... Read More
Colombian DPA fines bank 269M pesos
Colombia's data protection authority, the Superintendencia de Industria y Comercio, announced Banco Popular was fined 269,046,492 pesos for violating the right to deletion under the Personal Data Protection Law. Following an investigation, the DPA concluded the bank took more than 10 months to delete an individual's personal data from its databases after requesting deletion for the purpose of halting advertising from the bank.Full Story... Read More
Latin America's open data risks
Many parts of the world are facing unique issues surrounding the COVID-19 pandemic. One thing that is for certain is that this pandemic will certainly revolutionize how open data, privacy and cybersecurity will interact with one another. As issues like contact tracing and suitable employer-employee conditions are presented, there will be an increased dependency on technology and information sharing. That is why it is important that there are appropriate conversations surrounding the protection o... Read More
Peru: Employers can process sensitive data without consent for now
The recent publication of the "Guidelines for Health Surveillance of Workers at Risk of Exposure to COVID-19" and the imminent economic reactivation of the country raised a number of questions and concerns regarding the correct treatment of the personal data of employees that would be subject to the monitoring of their health condition. That led the National Authority for the Protection of Personal Data to issue the non-binding Advisory Opinion No. 32-2020-JUS / DGTAIPD, which addresses these ma... Read More
Argentina and Uruguay publish 'Data Protection Impact Assessment Guidelines'
The Argentine Agency of Access to Public Information and Uruguayan Regulatory and Personal Data Control Unit recently published the “Data Protection Impact Assessment Guidelines.” The Uruguayan law already provides for mandatory privacy impact assessments, while that is not the case under current Argentinean law (although it has been included in the bill pending before Congress). The jointly published guidelines are primarily based on the laws of the EU member states and members of Convention 10... Read More
Argentina's DPA publishes annual report
The Agency of Access to Public Information, the controlling authority in charge of the enforcement of the Argentine Data Protection Law No. 25.326, has recently published its Annual Report 2018. Among other things, the report highlighted the approval of two resolutions related to the guiding criteria for the implementation and enforcement of the applicable law (Resolution 4-E/2018 and Resolution 48/2018). Furthermore, taking into account the economic value of data in this digital age, it is st... Read More
The case for privacy education in K–12
The COVID-19 pandemic has accelerated the need to build privacy awareness among school-age kids. As students return to school virtually and busy parents adopt new educational applications and online classes to keep them busy, technology companies gather more data about us. They are aggregating and manipulating data in complex ways to help retailers and service providers sell goods and services, politicians get votes, and organizations influence individual opinions. Laws such as the U.S. Childre... Read More