SlideShare a Scribd company logo
1 of 104
New Data Protection Laws and Case Law
  Trends in Central & South America
                                               (final version)

                                          Dallas, TX (USA)
                                        September 15, 2011




                                     Cédric Laurant
                                  Ana Brian Nougrères
                                   Renato Opice Blum


                                                   © 2011


                                           Presentation available at
  <http://cedriclaurant.com/wp-content/uploads/2011/09/110916-new_latam_data_prot_laws_case_law_trends-
                                                 fv.pdf.zip>
WWW.OPICEBLUM.COM.BR


                         Renato Opice Blum
                              renato@opiceblum.com.br
    @opiceblum

Attorney and economist, Digital Law coordinator of GVLaw and of the
MBA on Electronic Law at Escola Paulista de Direito; Invited-
Professor at USP and Mackenzie Presbyterian University; President of
the Council of Information Technology and Communication of the
Commerce Federation of São Paulo/SP and of the Technology Law
Committee of AMCHAM; Advisor of the            Committee of High
Technology Crimes of Brazilian Bar Association; International
Lectures: Global Privacy Summit 2010, 73rd Conference of the
International Law Association; ISSA International Conference 2010;
HTCIA International Conference 2010; Inter American Bar
Association: Reunión del Consejo y Seminario 2010, Invited
Participant at The Sedona Conference 2010 and invited lecturer at
the 3rd Annual Sedona Conference 2011; Seton Hall Law – 2011 and
ABA annual meeting 2011; Coordinator and co-author of the book
“Manual of Electronic Law and Internet” and “Electronic Law:
internet and the courts”
2     New Data Protection Laws and Case Law Trends in Central & South America
Dra. Ana Brian Nougreres
                           Legal Consultant at the Uruguayan Parliament,
                           Senate and Chamber of Representatives and at
                           the Uruguayan College of Attorneys.
                           Teacher at School of Law, Legal Informatics Chair,
                           Universidad de la República Oriental del Uruguay.
                           Chief Consultant at Estudio Jurídico Briann and
                           Associates.

                           E-mail: abrian [at] netgate [dot] com [dot] uy 




3   New Data Protection Laws and Case Law Trends in Central & South America
Cédric Laurant

                              rincipal, Cedric Laurant
                             P
                            Consulting (Brussels)

                              ttorney at law (Washington,
                             A
                            DC)

                              E-mail:   c [at] cedriclaurant [dot] com

                              Website: http://cedriclaurant.com

                              Blogs:    http://cedriclaurant.org
                                        http://security-breaches.com

                              Linkedin: http://www.linkedin.com/in/cedriclaurant




4   New Data Protection Laws and Case Law Trends in Central & South America
Outline

           
  Introduction

           
  A. Brazil

           
  B. Uruguay & Argentina

           
  C. Colombia, Peru, Costa Rica

           
  D. Key take aways

           
  Q & A



5   New Data Protection Laws and Case Law Trends in Central & South America
Outline

           
  Introduction (Cedric Laurant)

           
  A. Brazil

           
  B. Uruguay & Argentina

           
  C. Colombia, Peru, Costa Rica

           
  D. Key take aways

           
  Q & A


6   New Data Protection Laws and Case Law Trends in Central & South America
7   New Data Protection Laws and Case Law Trends in Central & South America
8   New Data Protection Laws and Case Law Trends in Central & South America
Introduction

           
   Most important privacy developments in Brazil, Argentina,
               Uruguay, Colombia, Peru and Costa Rica.

           
   Recent regulatory and case law trends that affect how you do
               business in Central and South America.

           
   How the most recent Latin American data protection laws are
               likely to be implemented.

           
  Q&A




9   New Data Protection Laws and Case Law Trends in Central & South America
Outline

            
  Introduction

            
  A. Brazil (Renato Opice Blum)

            
  B. Uruguay & Argentina

            
  C. Colombia, Peru, Costa Rica

            
  D. Key take aways

            
  Q & A


10   New Data Protection Laws and Case Law Trends in Central & South America
Brazil




11   New Data Protection Laws and Case Law Trends in Central & South America
The children of
       darkness are
       always faster
     than the children
          of light.
     Lucas chapter 16 verse 8


12   New Data Protection Laws and Case Law Trends in Central & South America
BRAZIL – SOME CASES
                                 MEDICAL CLINIC
                         database copy / unfair competition

                                         M COMPANY
                                         illegal video

                               BROKER COMPANY
                       database breach / unfair competition

                                        T COMPANY
                                      database breach

                           CHEMICAL INDUSTRY COMPANY
                                 database breach

                                        RACE DRIVER
                                       image damage

                                   BEVERAGE COMPANY
                                   483 confidential files
13   New Data Protection Laws and Case Law Trends in Central & South America
PERSONAL DATA BILL OF LAW


     Article 1. The aim of this project guarantees
     and protection, in the area personal
     information specially dignity and
     fundamental rights of the person, specially
     with regard to his/her freedom, equality and
     personal privacy in terms of art 5 of Federal
     Constitution.

     Article 2. Everybody has the right to the
     protection of his/her personal data.



14   New Data Protection Laws and Case Law Trends in Central & South America
PERSONAL DATA BILL OF LAW
Article 35. The international transfer of personal data is only allowed to countries
that provide a level of data protection comparable to the one of this law, unless
the following exceptions:

I - when the owner has expressed his own free consent, express and informed to
the transfer;
II - when it is necessary for the implementation of obligation under a contract of
which the holder is a party;
III - when it is necessary to guarantee a significant public interest specified by
law;
IV - when it is necessary for international cooperation among government
agencies for intelligence and research, according to international law instruments
to which Brazil is bounded;
V - when it is necessary to defend a right in court, if the data are transferred
solely for this purpose and for the necessary period of time;
VI - when it is necessary to protect the life or physical safety of the owner or
third party, if the holder cannot provide its consent because of physical
impossibility, incapacity to act or understand.



 15    New Data Protection Laws and Case Law Trends in Central & South America
CONSTITUTION

      Section 5.10 – Intimacy, privacy, honor and image of persons – INVIOLABLE.
      Section 5.12 – Secrecy of correspondence and Telecom – INVIOLABLE.

CIVIL CODE

      Section 20 – Disclosure of writings, the transmission of the word, or
      publication, display or use of the image of a person.
      Section 21 – Private life of a person – INVIOLABLE.

                               EXPECTATION OF PRIVACY
                           SÃO PAULO STATE COURT DECISION
 Violation of image rights, privacy, intimacy and honor by being
 photographed and filmed (in intimacy) on locations – Spanish beach –
 Injunction to terminate the exhibition of movies and photos on web-
 sites because of the presumption of lack of consent to the publication.
 Filling with a daily penalty payment of $ 250,000.00, to inhibit
 infringement of the command to abstain.
 The paparazzi are known for aggressively working with the capture of
 images, which characterizes the illegality of their activities
 [voyeurism]. Denying injunctive relief would reward the work of these
 professionals that do not require authorization for their photos and,
 especially, to legalize the sensationalism and scandal propagated by
 the media, without permission of those involved.
 16      New Data Protection Laws and Case Law Trends in Central & South America
NEWS ON THE INTERNET CAUSES HARM TO CITIZEN’S
     HONOR. HE WAS NOT GUILTY, BUT THERE WAS NO NEWS
       ABOUT THAT, ONLY ABOUT THE ONGOING LAWSUIT.




                                                                   JUDGE      ORDERS
                                                                   GOOGLE TO SET UP A
                                                                   FILTER TO RANDOMIZE
                                                                   RESULTS WITH THE
                                                                   PLAINTIFF’S NAME,
                                                                   ENABLING VARIETY OF
                                                                   NEWS


                                    PARANA STATE COURT 1819/2008



17   New Data Protection Laws and Case Law Trends in Central & South America
Brazilian authority postpones to 2012 legislation
that obliges tracking devices in new cars.


      The Brazilian National Transit Counsel has postponed to 2012
      the obligation to install anti-theft devices in all the cars.
      According to the department, the change was made due to the
      complexity of the telecommunications infrastructure that may
      be needed to develop the Integrated System of Monitoring e
      Automatic Registry of Vehicles (SINRAV, in Portuguese).
      The installation of the tracking device is mandatory.
      The obligation to install this device has been postponed since
      2009. The main reason is that this law is seen as harmful to the
      citizens’ liberty, since anyone can be monitored without
      consentiment and have their private life invaded.




 18     New Data Protection Laws and Case Law Trends in Central & South America
CONSUMER DEFENSE CODE

     Section 43 – Database access.

     Section 72 – Block access. Penalty – detention from six
     months to one year or a fine.


                                                 PRIVACY
                                           SANTA CATARINA STATE
                                              COURT DECISION

                                          Consumer Defense
                                          Association causes
                                          damages to consumers
                                          disclosing its database to
                                          third parties. Association
                                          must include a warning
                                          about the disclosure and
                                          ask for permission.
19    New Data Protection Laws and Case Law Trends in Central & South America
WIRETAPPING – ACT 9296/1996

     Section 1 – Interception of telephone communications – flow of
     communication.

     Section 10 – Intercept communication or break secret of Justice, without
     judicial authorization – confinement from two to four years and fine.


 PRIVACY
 SÃO PAULO STATE COURT DECISION

 Breach of confidentiality of correspondence, telegraphic,
 data and telephone communications - Nonoccurrence -
 Seizure of emails in possession and knowledge of the
 recipient by a court order - strong suspicions that the
 material might enlighten the criminal infraction –
 interpretation of art. 5, XII of the Constitution.

 T H E R E I S N O V I O L AT I O N O F T H E S E C R E C Y O F
 CORRESPONDENCE.
20     New Data Protection Laws and Case Law Trends in Central & South America
APPEAL TO THE SUPERIOR COURT OF JUSTICE
           BRAZIL Nº 1.193.764 - SP (2010/0084512-0)
                                                                    APPELLANT : I P DA S B
                                                   APELLEE : GOOGLE BRASIL INTERNET LTDA

     SUMMARY

     CIVIL AND CONSUMER LAW. INTERNET. CUSTOMER RELATION. CDC
     (BRAZILIAN CONSUMER DEFENSE CODE). FREE SERVICE.
     INDIFFERENCE. CONTENT PROVIDER. PREVIOUS FISCALIZATION ON
     THE CONTENT OF THE USER POSTED INFORMATIONS ON THE
     WEBSITE. UNNECESSARY. MESSAGE WITH OFFENSIVE CONTENT.
     MORAL DAMAGE. INHERENT RISK TO BUSSINESS. INEXISTENCE.
     ACKNOWLEDGMENT OF THE FORBIDDEN CONTENT. IMMEDIATE
     REMOVAL OF THE CONTENT. DUTY. PROVIDE MEANS FOR THE
     IDENTIFICATION OF EACH USER. DUTY. REGISTER THE IP NUMBER.
     SUFFICIENT.




21    New Data Protection Laws and Case Law Trends in Central & South America
SUPERIOR LABOR COURT –
CORPORATE EMAIL AND
RECORDINGS AS VALID PROOF FOR
DISMISSION
 “(…) As a subscriber of the internet service
 provider, the company is responsible for its intern
 use, in accordance to laws. 8. Thus, if the
 employee eventually use the corporate email for
 personal reasons, he should be aware that the
 access to the content of the messages by the
 employer do not represent major violation of its
 mails, nor violation of privacy or intimacy, because
 we are talking about equipment and technology
 provided by the employer for usage to work and
 reach the goals of the company. 9. This way, we do
 not understand that it sets up no defense to the
 usage of evidence embodied in access to e-mail
 box, provided by the employer to his employees.
 Interlocutory appeal devoided.”
22   New Data Protection Laws and Case Law Trends in Central & South America
SUPERIOR LABOR COURT –
CORPORATE EMAIL AND
RECORDINGS AS VALID PROOF
FOR DISMISSION

INTERLOCUTORY APPEAL IN A REVIEW APPEAL. PAIN AND
SUFFERING. GOOD CAUSE.


The sentence from the lower level court registred that it
does not hurt constitutional standard of financial
disclosure and corporate email, especially when the
employer, in advance, warn its employees about the rules
for using the system and the possibility of tracking and
monitoring their email. Interlocutory appeal devoided.


 23   New Data Protection Laws and Case Law Trends in Central & South America
SECURITY

Law enforcement agencies use social networks in
search of incriminating data users




24   New Data Protection Laws and Case Law Trends in Central & South America
GPS - Monitoring




25   New Data Protection Laws and Case Law Trends in Central & South America
3rd FEDERAL COURT – LETTERS ROGATORY?




26   New Data Protection Laws and Case Law Trends in Central & South America
Greetings

Ambassador Roberto Campos: "Those who
remain in this house have before them wonderful
agenda. I wish them, as in the words of
theologist Reinhold Niehbuhr:

"May God give the serenity to accept the things
they cannot change, courage to change the
things they can change and the wisdom to know
the difference."


27   New Data Protection Laws and Case Law Trends in Central & South America
Recommendations and Practices for the Safe Use of
                Internet to Entire Family




 Link: http://www.opiceblum.com.br/download/OABMack_Safety.pdf
28   New Data Protection Laws and Case Law Trends in Central & South America
Outline

            
  Introduction

            
  A. Brazil

            
  B. Uruguay & Argentina (Ana Brian
               Nougreres)

            
  C. Colombia, Peru, Costa Rica

            
  D. Key take aways

            
  Q & A

29   New Data Protection Laws and Case Law Trends in Central & South America
Argentina 2003
 Decision 2003/490/CE
 November 21, 2003
 Declaration of Adequation to the levels of data
 protection of Directive 95/46/EC of the European
 Parliament and the Council.


30   New Data Protection Laws and Case Law Trends in Central & South America
Argentina 2011

 Transfers to other countries only permitted if the country
 of destination ensures an adequate level of protection.

 Exceptions to this principle only in special cases: explicit
 and unambiguous consent, execution of certain
 contracts, safeguard of public interests or
 individual vital interests, information of public
 registers.
31   New Data Protection Laws and Case Law Trends in Central & South America
Articles 25 and 26,
                                                        Directive 95/46/CE
                                                        European Economic Space

 DATA TRANSFERS AEPD March 31, 2011
32   New Data Protection Laws and Case Law Trends in Central & South America
INTERNATIONAL DATA TRANSFERS
     WITH COUNTRIES WITH NO ADEQUATION
     AEPD March 31, 2011

33    New Data Protection Laws and Case Law Trends in Central & South America
AEPD March 31, 2011
34   New Data Protection Laws and Case Law Trends in Central & South America
AEPD March 31, 2011
35   New Data Protection Laws and Case Law Trends in Central & South America
Uruguay - Dispositions
 Law 18331 - August 18, 2008
 Decree 664/2008
 Decree 437/2009
 Decree 414/2009
 Law 18719 - December 27, 2010
 Law 18778 – July 15, 2011

36   New Data Protection Laws and Case Law Trends in Central & South America
Uruguayan Data Protection System
 Scope of application of the legislation
 Data protection principles
 Rights of the data holders
 Liability
 Enforcement mechanisms
 Control
 Sanctions
37   New Data Protection Laws and Case Law Trends in Central & South America
Scope

 The regime is applied to all personal data recorded in
 any kind of medium that makes them likely to be
 processed, and any kind of subsequent use of these
 data within public or private domains.


38   New Data Protection Laws and Case Law Trends in Central & South America
Principles

 Purpose limitation principle
 Data quality and proportionality principle
 Principle of transparency
 Security principle


39   New Data Protection Laws and Case Law Trends in Central & South America
Rights of the data holders

 Access
 Rectification
 Opposition




40   New Data Protection Laws and Case Law Trends in Central & South America
International data transfers restricted:
 Countries that provide adequate levels of protection.
 Transfers authorized by the control authority
 in cases that offer contractual clauses
 regarding privacy, rights, freedoms of individuals
 and the exercise of their rights.
 Consent, contract, public interest, individual’s
 vital interest, public registry.

41   New Data Protection Laws and Case Law Trends in Central & South America
Sensitive data
 (9% of the data universe in Uruguay)
 Definition as personal data revealing racial or ethnic origin,
 political preferences, religious or moral beliefs, trade union
 membership or information concerning health or sex life.

 Explicit consent required for data processing.

 Nobody can be compelled to provide sensitive data.

42   New Data Protection Laws and Case Law Trends in Central & South America
Direct marketing
 The data used for this purpose are home addresses,
 distribution of documents, advertising, sale or similar
 activities.
 In case this data is suitable for promotional profiling,
 commercial or advertising purposes, it should appear in
 documents accessible to the public or must have been
 supplied or consented by the affected individual.
 Right to access, remove and block data can be
 applied at any times.
43   New Data Protection Laws and Case Law Trends in Central & South America
Automatic individual decision
 Decisions based on the processing of data should not
 affect people or their performance (employment,
 credit, reliability, behavior, etc.).

 The affected person has the right to obtain
 information from the controller, both regarding
 the assessment criteria and the program
 used for the processing.

44   New Data Protection Laws and Case Law Trends in Central & South America
Supervisory Data Protection Authority
 URCDP : autonomous entity with technical autonomy
 Management: Executive Council of three members
 (Executive Director of AGESIC and the other two appointed
 by the Executive Power).
 Assistance: Advisory Council of five members
 (Members appointed by Legislative and Judicial
 Power, Public Ministry, academy and private
 sector).
45   New Data Protection Laws and Case Law Trends in Central & South America
Procedural and enforcement
 mechanisms
 URCDP provides assistance, advice, regulations, registries of
 databases, monitors compliance with regulations, guarantees
 security and confidentiality of data provided, issues opinions.
 Investigation,
 Inspection and
 Sanctions are in charge of the URCDP
 Habeas data action, legal quick action.


46   New Data Protection Laws and Case Law Trends in Central & South America
Sanctions

 Warning (83 %)
 Fines (17 %)
 Suspension of database.




47   New Data Protection Laws and Case Law Trends in Central & South America
Opinion 6/2010 of the WP29 on the
 level of personal data protection in
 Uruguay, adopted October 12, 2010.

 CONCLUDES that Uruguay ensures an adequate
 Level of protection within the meaning of
 Article 25 (6) of Directive 95/46/CE.

48   New Data Protection Laws and Case Law Trends in Central & South America
Why data protection systems work
     as a win-win process

 For the consumers, because they can control their
 own data and the information disseminated about
 them.
 For the enterprises, because then can prevent risks of
 vulnerability of the information they manage from
 their clients.
 For the countries, because then can attract
 investors, improve their positions and compliment
 international standards.


49    New Data Protection Laws and Case Law Trends in Central & South America
Outline

            
  Introduction

            
  A. Brazil

            
  B. Uruguay & Argentina

            
  C. Colombia, Peru, Costa Rica
               (Cedric Laurant)

            
  D. Key take aways

            
  Q & A

50   New Data Protection Laws and Case Law Trends in Central & South America
Colombia, Peru & Costa Rica:
                      Outline

            
  1. Colombia: case studies,
               problem-solving in real world
               situations
            
  2. Peru: overview of the data
               protection law
            
  3. Costa Rica: overview of the data
               protection law
            
  See references at end of slide deck



51   New Data Protection Laws and Case Law Trends in Central & South America
Colombia

                  
  7 real cases:
                        
  How they might be solved with the upcoming
                           data protection law.
                        
  Why are those cases relevant to you and for
                           your job?

                  
  Cases range from private to public and
                     governmental aspects of data protection,
                     not only for private businesses but also
                     for public/government authorities.




52   New Data Protection Laws and Case Law Trends in Central & South America
Trust




53   New Data Protection Laws and Case Law Trends in Central & South America
Trust
            
   Case study: why do books always come wrapped in
                Colombian bookstores? Lack of trust towards customers?
                High price? Attitude towards books as sacred objects? Piracy?

            
   Problem: lack of trust by businesses towards consumers.

            
   Significance: lack of trust by businesses breeds lack of trust
                by consumers towards businesses.

            
   Business context: B2C transactions between foreign
                companies and Colombian consumers.

            
   Relevance for US/EU companies: foreign companies must
                be aware of, and understand, this essential feature of the
                commercial context in which personal information is
                being processed in Colombia.




54   New Data Protection Laws and Case Law Trends in Central & South America
Trust

            
   Resolution:
                 
   Should bookstores unwrap all books to make better
                     sales? Will it demonstrate more trust by the shopkeeper
                     towards its customers? Will it have a positive or negative
                     impact on sales?
                 
   How is trust related to complying with new data
                     protection legal requirements? Does it mean that for a
                     company to be successful, it should be more transparent
                     about how it processes its customers’ personal data?
                 
   How would the upcoming Colombian data protection law
                     apply? What would have to change in current data
                     management practices? (Take local commercial traditions
                     and way of doing business into account.)
                 
   How could this have an impact on the level of
                     enforcement of the new law?
            
   Take away




55   New Data Protection Laws and Case Law Trends in Central & South America
Trust




56   New Data Protection Laws and Case Law Trends in Central & South America
Credit reporting system




57   New Data Protection Laws and Case Law Trends in Central & South America
Credit reporting system
            
   Case study: Colombian real estate franchise of a US
                company (“Century 21 Luque Medina”).
            
   Problem: illustrates the current serious problem with the
                credit reporting system in Colombia: abusive use is
                detrimental to consumers, tenants and sureties; does not
                encourage accountability and business ethics by real estate
                companies.
            
   Significance: lack of trust by Colombian tenants, landlords
                and sureties towards Colombian subsidiaries or franchises of
                foreign businesses.
            
   Business context: B2C/B2B transactions between, on the
                one hand, foreign companies or Colombian subsidiaries or
                franchises of foreign companies, and, on the other hand,
                Colombian consumers.
            
   Relevance for US/EU companies: negative impact on US/
                EU companies’ reputation.




58   New Data Protection Laws and Case Law Trends in Central & South America
Law No. 1266 of 2008

          
   The Colombian “FCRA”.
          
   Applies in addition to the upcoming data protection law by
              focussing only on the protection of credit reports and the
              processing of financial personal information.
          
   Lacks teeth to address international data transfer issues: scope
              too limited to provide enough protections for information
              processed by European companies’ subsidiary call centers
              based in Colombia.
          
   No “adequate protection”. European Commission’s opinion:
              adequate to regulate the financial sector, but not medical,
              religious, ethnic, and other type of personal data.
          
   Enforcement has started by supervisory authorities.




59   New Data Protection Laws and Case Law Trends in Central & South America
Credit reporting system

            
   Resolution:
                 
   How does the Law No. 1266 of 2008 apply to this case?
                     Was it violated? No but did in fact unfairly treat the data
                     subject.
                 
   What would have to change in current data management
                     practices?
                 
   How has that law applied so far? Enforcement case by the
                     Superintendencia de Industria y Comercio.
                 
   How will the upcoming data protection law have any
                     impact? Purpose specification principle.
            
   Take away:
                 
   Doing business in a fair way will give the advantage to
                     foreign companies.
                 
   Go beyond strict compliance of the letter of the law in
                     implementing it.




60   New Data Protection Laws and Case Law Trends in Central & South America
Authentication for private
                            transactions




61   New Data Protection Laws and Case Law Trends in Central & South America
Authentication for private
                            transactions
           
   Case study: fingerprints required as means of authentication
               for all sorts of contracts between individuals and businesses
               (rental agreements, online password releases for online
               banking accounts, exchange of currencies, “pospago”
               contracts with mobile phone providers, shipment of packages
               abroad,…
           
   Problem: need for a reliable way to authenticate individuals;
               signature not sufficient for authentication purposes. Main
               reason: high level of fraud.
           
   Significance: processing of sensitive personal information
               (biometrics) by businesses.
           
   Business context: B2C/B2B transactions between foreign
               companies and Colombian customers/clients or companies.




62   New Data Protection Laws and Case Law Trends in Central & South America
Authentication for private
                            transactions
            
   Relevance for US/EU companies: authentication
                procedures may prove very burdensome, bureaucratic and
                onerous; on the other hand, motivated by good reasons: to
                prevent fraud (cfr fraud statistics in Colombia) and money
                laundering.
            
   Questions/Resolution:
                 
   How will the upcoming Colombian data protection law
                     apply? (transparency, right of access, adequate security
                     measures, …)
                 
   How will the new law impact those authentication
                     practices? (proportionality and security measures)
                 
   How will current data management practices have to
                     change? (more transparency, subject access and
                     security)
            
   Take away




63   New Data Protection Laws and Case Law Trends in Central & South America
Collection of biometrics for
                         security purposes




64   New Data Protection Laws and Case Law Trends in Central & South America
Collection of biometrics for
                         security purposes
             
   Case study: digital biometric fingerprint scanner used as a
                 security measure at the entrance of office buildings; required
                 from everyone to get access to the premises.
             
   Significance: higher risk of data breaches because of
                 databases storing very sensitive personal information
                 (biometrics) and higher risk for data subjects concerned.
             
   Business context: B2C transactions between foreign
                 companies and data subjects (Colombians or foreigners,
                 individuals or clients).
             
   Relevance for US/EU companies: higher risk for hacking
                 and data breaches exists as sensitive personal information is
                 being stored.
             
   Problem: use of biometrics and other authentication and
                 identification measures by private actors in a wide range of
                 situations where collection, use and secondary use of
                 personal information is not necessarily legitimate,
                 transparent or proportionate (e.g., building access).



65   New Data Protection Laws and Case Law Trends in Central & South America
Collection of biometrics for
                         security purposes
             
   Questions:
                  
   Why is a digital fingerprint required as opposed to a less
                      intrusive and less risky means of access security measure? Is
                      it proportionate?
                  
   What happens with this data? With whom is it shared?
                  
   Where is there any type of privacy policy explaining what
                      happens with the information collected?
                  
   What happens if I am being denied access to the building?
                      Where can I complain? (transparency issue)
             
   Resolution:
                  
   How does the upcoming Colombian data protection law
                      apply?
                        
   Proportionality; prior and express consent;
                            transparency;…
                  
   What would have to change in current data management
                      practices to make this processing compliant with the law?
                  
   What are the exemptions for law enforcement authorities?

             
   Take away



66   New Data Protection Laws and Case Law Trends in Central & South America
Phone no. and ID for every
                            purchase




67   New Data Protection Laws and Case Law Trends in Central & South America
Phone no. and ID for every
                            purchase
             
   Case study: Phone no. and ID no. are requested for every
                 purchase made with an electronic means of payment. No
                 explanation of reason why or what the information is
                 ultimately used for; no privacy policy.
             
   Significance: possibility to match all purchases made by
                 individuals with their ID no. Link it with governmental
                 databases? Relationships between those purchases and the
                 stores’ discount grocery shopping cards?
             
   Business context: B2C transactions between, on the one
                 hand, foreign companies or their Colombian subsidiaries or
                 franchises of foreign companies and, on the other, Colombian
                 consumers.
             
   Relevance for US/EU companies: Do US/EU businesses’
                 subsidiaries in Colombia using such information collect it
                 legitimately and for valid reasons?




68   New Data Protection Laws and Case Law Trends in Central & South America
Phone no. and ID for every
                            purchase
             
   Problem: low level of trust in customer-business
                 relationships, very low level of consumer protection and
                 customer service; presumption of bad faith.
             
   Questions/Resolution:
                  
   How will the upcoming Colombian data protection law
                      apply?
                  
   What would have to change in current data management
                      practices?
             
   Take away: more transparency required from businesses
                 towards their customers with respect to the processing of
                 their personal information. Consumer protection mechanisms
                 must be established that much better ensure a higher level of
                 consumer protection and consumer privacy.




69   New Data Protection Laws and Case Law Trends in Central & South America
RFID transportation card




70   New Data Protection Laws and Case Law Trends in Central & South America
RFID transportation card

             
   Case study: Medellin metro card is delivered upon
                 identification and tracks all itineraries of travelers. Lack of
                 information about availability of an anonymous card and its
                 benefits (only drawbacks are mentioned to encourage
                 adoption of individualized card).
             
   Significance: use of customers’ personal location
                 information by public and private entitie; is covered by the
                 upcoming data protection law.
             
   Business context: procurement contracts between
                 Colombian government authorities and foreign companies.
             
   Relevance for US/EU companies: Potential sale of data
                 processing services to local governmental entities. Interest
                 for foreign companies to understand how the upcoming data
                 protection law applies to geo-location location personal
                 information.




71   New Data Protection Laws and Case Law Trends in Central & South America
RFID transportation card

               
   Problem: Data protection issues: transparency, access
                   rights, potential secondary uses of travelers’ personal
                   information. Concerns: no privacy policy; no information
                   about the type of information being collected by the
                   system; about the uses of the itinerary information now and
                   later in time; about the current or considered secondary
                   uses; and about the possibility to ask for an anonymous
                   card. Use of data by private and public actors.
               
   Questions: How will the upcoming Colombian data
                   protection law apply? What would have to change in current
                   data management practices?
               
   Resolution: comply in advance and better than local
                   companies.




72   New Data Protection Laws and Case Law Trends in Central & South America
RFID transportation card
                       (comparison with Uruguayan case)




73   New Data Protection Laws and Case Law Trends in Central & South America
Privacy in e-government services

                  
  General obligation of all government
                     entities that use electronic resources to
                     manage the information of citizens in a
                     manner respectful to their privacy.
                  
  Decree No. 1151 of 2008 establishes
                     general principles to follow in how online
                     services are provided by the government.
                  
  Protection of privacy is further regulated
                     by the Ministry of Communications’ “e-
                     Government Policy Manual,” applicable
                     throughout all governmental entities.




74   New Data Protection Laws and Case Law Trends in Central & South America
Colombia: take aways

             
   1. Get an edge over your competitors: be
                 transparent, explain, clarify how your company/
                 affiliate will use individuals/customers’ personal
                 information.
             
   2. Don’t wait for the Colombian companies to
                 comply with the law: being seen as an early
                 adopter will be good for business and reputation.
             
   3. Trust your consumers; trust will breed
                 reciprocal trust in your products, services,
                 reputation and brand.




75   New Data Protection Laws and Case Law Trends in Central & South America
Colombia: take aways

             
   4. Follow all consumer protection regulations, and
                 go beyond strict compliance. Do better than
                 Colombian companies. Mandate your franchisees to
                 be consumer protection-friendly, like in the United
                 States, not like in Colombia.
             
   5. Develop a reputation for being fully reliable for
                 your customers.
             
   6. Get advice both from a local counsel (to conceive
                 the most adequate data protection solution to fit in
                 the cultural context) and from a global data
                 protection counsel. Both professionals will be
                 necessary to design how your company will comply
                 with the local data protection rules.




76   New Data Protection Laws and Case Law Trends in Central & South America
CENTRAL AMERICA
                                                    COSTA RICA

                                                    EL SALVADOR


                                                    GUATEMALA


                                                    HONDURAS


                                                    NICARAGUA
     PANAMA



77    New Data Protection Laws and Case Law Trends in Central & South America
CENTRAL AMERICA

     PROTECTION AT THE CONSTITUTIONAL LEVEL
     -  No Central American country has an express recognition for the right to
     data protection.
     -  However, most countries provide constitutional protection for the “right
     to privacy”, except Panama and Guatemala.
     - Countries do not have “habeas data” at the constitutional level, but
     some of them have a general constitutional remedy.

     PROTECTION IN THE LAW
     -  No Central American country has a comprehensive personal data
     protection law.
     -  Most countries have legal provisions that protect personal data
     in their laws on access to information and public transparency
     (Panama, 2002; Honduras, 2006; Nicaragua, 2007; and
     Guatemala, 2008).
     -  There are telecommunication laws and credit reporting laws.


78     New Data Protection Laws and Case Law Trends in Central & South America
CENTRAL AMERICA

     INTERNATIONAL INSTRUMENTS

     -  Political Dialogue and Cooperation Agreement between the
     EU and Central America (2003): parties agreed to cooperate
     on the protection in the processing of personal data.


     BILLS ON PERSONAL DATA PROTECTION

     -  At least two Central American countries have
     had legislative discussion on bills that would
     regulate data protection: Costa Rica and
     Nicaragua. Costa Rica has a new data protection
     law since Sept. 7, 2011.


79   New Data Protection Laws and Case Law Trends in Central & South America
Costa Rica

                   
   Sept. 7, 2011: new Personal Data
                       Protection Law No. 8968 enters into
                       force.
                   
   Regulates the processing of personal data
                       carried out by public and private entities:
                       all databases distributing or selling
                       information. (Personal or corporate
                       databases not covered by the law.)
                   
   Law modeled after the EU Data
                       Protection Directive. Regulates almost all
                       processing of all types of personal data.
                   
   Requires express written consent for
                       many data processing activities.



80   New Data Protection Laws and Case Law Trends in Central & South America
Costa Rica

                 
  4 main categories of personal data:
                      
  1. sensitive data: include socioeconomic
                         level, and medical and genetic conditions.
                      
  2. restricted access data: data included in
                         a public database but with restricted access
                         because only concerns person or public
                         entity involved. Individual must give written
                         consent for his personal data to be
                         disclosed.
                      
  3. special restricted access data: data
                         contained in public databases created by
                         law.
                      
  4. credit records: data that allows financial
                         institutions to evaluate an individual’s
                         creditworthiness based on the general
                         principles laid out in the new data
                         protection law.

81   New Data Protection Laws and Case Law Trends in Central & South America
Costa Rica
                  
  New data protection authority
                     created within the Ministry of Justice
                     (“Prodhab”) to implement the
                     legislation, inspect registered
                     databases and issue sanctions for legal
                     violations.
                  
  Commercial databases must be
                     registered before Prodhab and will be
                     subject to an annual fee for their
                     administration.
                  
  Data controller must pay a fee
                     (“canon”) to Prodhab for sales made
                     using commercial databases. Fee based
                     on no. of data sold or contract value.
                     Regulation to be implemented.

82   New Data Protection Laws and Case Law Trends in Central & South America
Peru


                       
   July 2011: Peru has its first data
                           protection law (“Ley N° 29733 de
                           Protección de Datos Personales”).
                       
   Data protection authority will be
                           part of the Ministry of Justice
                           (independence?) and in charge of a
                           National Registry of Personal Data; may
                           levy fines for violations of the law.
                       
   Decree must now be drafted.
                       
   Problem with the regulation of credit-
                           reporting databases: eludes crucial
                           issue.




83   New Data Protection Laws and Case Law Trends in Central & South America
Peru


                     
   National Register of Personal Data
                         Protection can record:
                           
  1) publicly or privately administered
                              personal databases;
                           
  2) authorizations issued pursuant to the
                              law;
                           
  3) sanctions imposed by the National
                              Authority; and
                           
  4) codes of conduct of the entities
                              representing the privately administered
                              personal database controllers or
                              processors.




84   New Data Protection Laws and Case Law Trends in Central & South America
Peru

                    
  Political willingness:
                          
  Free trade agreements: Peru signed
                             them in Nov. 2008 with the US and
                             Canada. Bilateral negociations under
                             way with the EU, South Korea and
                             China.
                          
  Call centers.
                    
  Transborder data flows:
                          
  Destination country must have a
                             sufficient level of protection for the
                             personal data to be processed, or at
                             least comparable to that provided by
                             the law.



85   New Data Protection Laws and Case Law Trends in Central & South America
General references
      1.- Agencia Española de Protección de Datos, cuatro gráficas aportadas a la fecha
      31032011. Anales del Seminario “El impacto de las transferencias internacionales de datos
      en América Latina. Las políticas preventivas y la autorregulación en la implantación de la
      normativa de protección de datos”, Cartagena de Indias, Colombia. Junio de 2011 <http://
      www.redipd.org/reuniones/seminario_2011_Cartagena/common/Ponencias/
      JesusRubiNavarreteMartes.pdf>.

      2.- José Luis Piñar Mañas. Protección de datos de carácter personal en Iberoamérica, Red
      Iberoamericana de Protección de Datos, Agencia Española de Protección de Datos, Ed.
      Tirant Lo Blanch Libros, Valencia, España. 2005.

      3.- José Luis Piñar Mañas, La Red Iberoamericana de Protección de Datos, Declaraciones y
      documentos. Ed. Tirant Lo Blanch. Valencia, 2006.

      4.- Oscar Puccinelli, El habeas data en Indoiberoamerica. Ed. Temis, Bogota, Colombia.
      1999.

      5.- Ana Brian Nougreres. De la protección de datos personales y la cooperación
      internacional. Anuario de Derecho Informático, Instituto de Derecho Informático, Facultad
      de Derecho, Universidad de la República. FCU. 2005.




86   New Data Protection Laws and Case Law Trends in Central & South America
General references
      6.- Cédric Laurant, “Emerging Data Protection Laws in Latin America and Doing Business in
      the EU”, Cedric’s Privacy Blog, Sept. 15, 2011 <http://blog.cedriclaurant.org/2011/09/15/
      emerging_data_protection_laws_in_latin_america_doing_business_in_eu/>.

      7.- Alberto Cerda, Cédric Laurant & Renato Opice Blum, “Recent Privacy and Data
      Protection Developments in Latin America and Their Impact on North American and
      European Multinational Companies”, IAPP Global Privacy Summit (Washington, DC – April
      21, 2010) <http://www.slideshare.net/cedriclaurant/quotrecent-privacy-and-data-
      protection-developments-in-latin-america-and-their-impact-on-north-american-and-
      european-multinational-companiesquot>.

      8.- Marcos Normativos en materia de Protección de Datos Personales. Actas del Seminario.
      Antigua, Guatemala, 2003.




87   New Data Protection Laws and Case Law Trends in Central & South America
References (Argentina)

     1.- Declaration regarding Argentina’s Adequation to the levels of data protection
     of the Directive 95/46/EC of the European Parliament and the Council,
     November 21, 2003 <http://ec.europa.eu/justice/policies/privacy/docs/
     adequacy/decision-c2003-1731/decision-argentine_en.pdf>.

     2.- Carlos E. Delpiazzo, Protección de datos en Uruguay y el Mercosur,
     Fundación de Cultura Universitaria. Montevideo, Uruguay, 2005.

     3.- “Argentina” country report in Privacy & Human Rights 2006, Electronic
     Privacy Information Center & Privacy International, December 18, 2007
     <https://www.privacyinternational.org/article/phr2006-argentine-republic>.




88     New Data Protection Laws and Case Law Trends in Central & South America
References (Brazil)
     1.- Brazilian Constitution, Title 2, Chapter 1, Article 5, X.
     http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm

     2.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XI.
     http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm

     3.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XII.
     http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm

     4.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XIV.
     http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm

     5.- Brazilian Constitution, Title 2, Chapter 1, Article 5, LXXII.
     http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm

     6.- Federal Law No. 9.507/1997 (Habeas Data).
     http://www.planalto.gov.br/ccivil_03/leis/l9507.htm

     7.- Federal Law No. 9.507/1997, Article 4 § 1.
     http://www.planalto.gov.br/ccivil_03/leis/l9507.htm




89   New Data Protection Laws and Case Law Trends in Central & South America
References (Brazil)
     8.- Federal Law No. 9.507/1997, Article 4 § 2.
     http://www.planalto.gov.br/ccivil_03/leis/l9507.htm

     9.- Federal Law No. 10.406, January 12, 2002 (Civil Code).
     http://www.planalto.gov.br/ccivil_03/leis/2002/L10406.htm

     10.- Federal Law No. 7.232, October 29, 1984 (National Computer Policy).
     http://www.planalto.gov.br/ccivil_03/leis/L7232.htm

     11.- Federal Law No. 9.472, July 16, 1997, Book 1, Art. 3, IX. (Telecommunications Act).
     http://www.consumidorbrasil.com.br/consumidorbrasil/textos/legislacao/l9472.htm

     12.- Federal Law No. 9.454, April 7, 1997 (National Identity Registration).
     http://www.planalto.gov.br/ccivil_03/Leis/L9454.htm

     13.- Federal Law No. 8.078, Article 43, September 11, 1990 (Consumer´s Code).
     http://www.planalto.gov.br/ccivil_03/leis/L8078.htm

     14.- Document nº 05/2002, of the Economic Law Secretariat, Ministry of Justice
     (Secretaria de Direito Econômico (SDE) do Ministério da Justiça).




90   New Data Protection Laws and Case Law Trends in Central & South America
References (Brazil)
     15.- Personal Data Bill: regulates the protection of personal data, privacy and
     other matters <http://www.cgu.gov.br/acessoainformacao/arquivos/
     anteprojeto-lei-protecao-dados-pessoais.pdf>.

     16.- Renato Leite Monteiro & Caio César Carvalho Lima, Comentários ao
     Anteprojeto de Lei Brasileiro sobre Proteção de Dados Pessoais, Information
     Security Breaches & The Law Blog, May 2011 <http://
     securitybreaches.files.wordpress.com/2011/05/anteprojeto-de-lei-brasileiro-
     sobre-protecao-de-dados-pessoais.pdf>.

     17.- Renato Leite Monteiro & Cédric Laurant, “New Brazilian Data Protection Bill
     Adopts Data Breach Notification Regime”, Information Security Breaches & The
     Law Blog, May 9, 2011 <http://blog.security-breaches.com/2011/05/09/
     new_brazilian_data_protection_bill_adopts_data_breach_notification_regime/>.

     18. Renato Leite Monteiro , “Comentários ao Anteprojeto de Lei Brasileiro sobre
     Proteção de Dados Pessoais”, Information Security Breaches & The Law Blog,
     May 1, 2011 <http://blog.security-breaches.com/2011/05/01/comentarios-ao-
     anteprojeto-de-lei-brasileiro-sobre-protecao-de-dados-pessoais/>.




91    New Data Protection Laws and Case Law Trends in Central & South America
References (Brazil)
     19.- “Brazil” country report in Privacy & Human Rights 2006, Electronic Privacy
     Information Center & Privacy International, December 18, 2007 <https://
     www.privacyinternational.org/article/phr2006-federative-republic-brazil>.

     20.- Danilo Doneda, Da privacidade a proteção de dados pessoais, Ed. Renovar.
     Rio de Janeiro, Brasil, 2006.

     21.- Stefano Rodota. A vida na sociedade da vigilancia, a privacidade hoje, Ed.
     Renovar, trad. Maria Celina Bodin de Moraes, Rio de Janeiro, 2008.

     22.- Temis Limberger. O direito a intimidade na era da informática. Ed. Livraria
     do Avogado, Brasil, 2007.




92    New Data Protection Laws and Case Law Trends in Central & South America
References (Colombia)
     1.- Informe de conciliación al Proyecto de Ley Número 046 de 2010 Cámara,
     184 de 2010 Senado (upcoming Colombian data protection law) <http://
     www.habeasdata.org.co/wp-content/uploads/2010/12/Informe-
     Conciliación1.pdf>.

     2.- Fernando Triana and Carolina Díaz (Triana, Uribe & Michelsen), “Data
     Protection: Colombia”, April 1, 2010 <http://ipandit.practicallaw.com/
     7-502-5167?source=relatedcontent>.

     3.- Observatorio de la protección de datos personales en Colombia <http://
     www.habeasdata.org.co/>.

     4.- Nelson Remolina-Angarita, “¿Tiene Colombia un nivel adecuado de protección
     de datos personales a la luz del estándar europeo?, 16 International Law,
     Revista Colombiana de Derecho Internacional, 489-524 (2010) <http://
     www.habeasdata.org.co/wp-content/uploads/2010/08/colombia-y-nivel-
     adecuado-de-proteccion-de-datos-nelson-remolina-il-julio-de-2010.pdf>.

     5.- Nelson Remolina-Angarita, “Propuestas para mejorar y aprobar el proyecto
     de ley estatutaria sobre el derecho fundamental del habeas data y la protección
     de los datos personales”, Documento GECTI No 11, Noviembre 24 de 2010
     <http://www.habeasdata.org.co/wp-content/uploads/2010/12/documento-
     gecti-11-de-2010.pdf>.




93   New Data Protection Laws and Case Law Trends in Central & South America
References (Colombia)
     6.- Cédric Laurant, Summer course of continuing legal education: “Data
     Protection & Privacy around the World”, School of Law, Universidad de los
     Andes (Bogota, Colombia – June 17 - July 7, 2008).

     7.- Spanish Data Protection Agency, “Report on International Data Transfers –
     Ex Officio Sectorial Inspection of Spain-Colombia at Call Centres”, July 2007
     <http://www.agpd.es/portalwebAGPD/jornadas/
     transferencias_internacionales_datos/common/pdfs/
     report_Inter_data_transfers_colombia_en.pdf>.

     8.- “Colombia” country report in Privacy & Human Rights 2006, Electronic
     Privacy Information Center & Privacy International, December 18, 2007
     <https://www.privacyinternational.org/article/phr2006-colombia>. 




94   New Data Protection Laws and Case Law Trends in Central & South America
References (Costa Rica)
 1.- Personal Data Protection Law No. 8968 of Sept. 7, 2011 (Ley de
 “Protección de la Persona frente al tratamiento de sus datos personales”)
 <http://www.pgr.go.cr/scij/Busqueda/Normativa/Normas/nrm_repartidor.asp?
 param1=NRTC&nValor1=1&nValor2=70975&nValor3=85989&strTipM=TC>.

 2.- “Protection of the Person in the Processing of His Personal Data” (Data
 protection bill, “Ley de protección de la persona frente al tratamiento de sus
 datos personales”) <http://www.elderechoinformatico.com/index.php?
 option=com_content&view=article&id=508:ley-proteccion-de-datos-
 personales-costa-rica&catid=1:datos-personales&Itemid=54>.

 3.- Roberto Lemaitre, “Proyecto de Ley - Expte. 16.679 “Protección de la
 Persona frente al tratamiento de Datos Personales”, 11 de Junio de 2011
 <http://www.elderechoinformatico.com/index.php?
 option=com_content&view=article&id=583:proyecto-de-ley-
 expediente-16679-proteccion-de-la-persona-frente-al-tratamiento-datos-
 personales&catid=118:elderechoinformatico-costa-rica&Itemid=122>.

 4.- Costa Rica country report in Privacy & Human Rights 2006, Electronic
 Privacy Information Center & Privacy International, December 18, 2007
 <https://www.privacyinternational.org/article/phr2006-costa-rica>.




95    New Data Protection Laws and Case Law Trends in Central & South America
References (Peru)
 1.- Ley de Protección de Datos personales, 3 de julio de 2011 <http://
 securitybreaches.files.wordpress.com/2011/07/110703-ley_peruana-pdp-
 no29733.pdf>.

 2.- Department of Commerce, English translation of Peru’s Law for Personal Data
 Protection (Ley de Protección de Datos Personales) <http://
 www.huntonprivacyblog.com/uploads/file/Peru%20Data%20Protection%20Law
 %20July%2028_EN%20_2_.pdf>.

 3.- Iriarte & Asociados, Handbook IA N° 6 - Protección de Datos Personales-
 Entidades Privadas, v. 1.0, julio de 2011 <http://www.iriartelaw.com/apc-aa-
 iriartelaw/img_upload/80fbc41a7158c9c9b59314f28f167fb1/
 Handbook_IA_N__6_ley_de_Protecci_n_de_Datos_Personales.pdf>.

 4.- Carlos Ferreyros Soto, “Los desafios digitales del Ministerio de Justicia: El
 Sistema Peruano de Información Judicial, SPIJ y la Ley de Datos Personales”, 30
 June 2011, <http://derecho-ntic.blogspot.com/2011/06/los-desafios-digitales-del-
 ministerio.html>.

 5.- José Miguel Silva, “Ley de protección de datos personales: Todo lo que usted
 debe saber”, LaRepublica.pe, 23 June 2011 <http://www.larepublica.pe/
 23-06-2011/ley-de-proteccion-de-datos-personales-todo-lo-que-usted-debe-
 saber>.



96   New Data Protection Laws and Case Law Trends in Central & South America
References (Peru)
 6.- Cédric Laurant, “Perspectivas europeas sobre la protección de los
 consumidores y usuarios peruanos del Internet. Interpretando el nuevo Código
 peruano de Protección y Defensa del Consumidor (Ley No. 29571)” (Conferencia
 internacional: “Implicancias del Nuevo Codigo de Proteccion y Defense del
 Consumidor: Nuevos Retos”), Asociación Nacional de Defensa del Consumidor,
 Universidad Nacional Jorge Basadre Grohmann, Tacna, Peru – December 21,
 2010) <http://www.slideshare.net/cedriclaurant/perspectivas-europeas-sobre-la-
 proteccin-de-los-consumidores-y-usuarios-peruanos-del-internetinterpretando-el-
 nuevo-cdigo-peruano-de-protecciny-defensa-del-consumidor-ley-no-29571>.

 7.- “Peru” country report in Privacy & Human Rights 2006, Electronic Privacy
 Information Center & Privacy International, December 18, 2007
 <https://www.privacyinternational.org/article/phr2006-republic-peru>. 




97   New Data Protection Laws and Case Law Trends in Central & South America
References (Uruguay)
 1.- The Uruguayan laws can be consulted at <http://www.parlamento.gub.uy>.

 2.- Text of the Uruguayan decrees can be consulted at <http://
 www.presidencia.gub.uy>.

 3.- Ana Brian Nougreres, “El sistema legal uruguayo en protección de datos
 personales y acceso a la información pública,” Universidad de Los Andes, Bogotá,
 Colombia, 2010.

 4.- Opinion 6/2010 on the level of protection of personal data in the Eastern
 Republic of Uruguay, adopted October 12, 2010, 0475/10/EN WP 117 <http://
 ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp177_en.pdf>.

 5.- Ana Brian Nougreres. Taller sobre Protección de Datos Personales, Colegio de
 Abogados del Uruguay, Montevideo, 2010.

 6.- Augusto Duran Martinez, Derecho a la Protección de Datos personales y al
 acceso a la información pública, Ed. Amalio Fernández, Montevideo, Uruguay,, 2009.




98   New Data Protection Laws and Case Law Trends in Central & South America
References (Uruguay)
 7.- Carlos E. Delpiazzo, Protección de datos en Uruguay y el Mercosur, Fundación de
 Cultura Universitaria. Montevideo, Uruguay, 2005.

 8.- Ana Brian Nougreres, “Integración Iberoamericana en materia de protección de
 Datos Personales”, Anuario de Derecho Informático, Montevideo, Uruguay, 2007.

 9.- Ana Brian Nougreres. Protección de datos personales en Uruguay. Imp. Teijeiro.
 Montevideo, Uruguay, 2009.

 10.- “Uruguay” country report in Privacy & Human Rights 2006, Electronic Privacy
 Information Center & Privacy International, December 18, 2007 <https://
 www.privacyinternational.org/article/phr2006-republic-uruguay>.

 12.- Ana Brian Nougreres, “El sistema de transporte metropolitano y la protección
 de datos personales de los uruguayos”, Anuario de Derecho Informatico, Instituto de
 Derecho Informático, Facultad de Derecho, Universidad de la República, FCU, 2007.




99   New Data Protection Laws and Case Law Trends in Central & South America
Outline

             
  Introduction

             
  A. Brazil

             
  B. Uruguay & Argentina

             
  C. Colombia, Peru, Costa Rica

             
  D. Key take aways (Cedric Laurant)

             
  Q & A


100   New Data Protection Laws and Case Law Trends in Central & South America
Key take aways

       •  1. Get an edge over your competitors:
          be transparent, explain, clarify how
          your company/affiliate will use
          individuals/customers’ personal
          information.
       •  2. Being seen as an early adopter will
          be good for business and reputation.
       •  3. Trust your consumers (trust breeds
          trust, in your products, services,
          reputation, brand).

101   New Data Protection Laws and Case Law Trends in Central & South America
Key take aways

       •  4. Follow all consumer protection
          regulations and go beyond strict
          compliance.
       •  5. Build your company’s reputation as
          being fully reliable for your customers.
       •  6. Get advice not only from local
          counsel, but also from global ones.




102   New Data Protection Laws and Case Law Trends in Central & South America
Outline

             
  Introduction

             
  A. Brazil

             
  B. Uruguay & Argentina

             
  C. Colombia, Peru, Costa Rica

             
  D. Key take aways

             
  Q & A


103   New Data Protection Laws and Case Law Trends in Central & South America
Panelists: contact info
                   Cedric Laurant, Esq., LL.M.
                   Principal, Cedric Laurant Consulting (Belgium)
                   http://cedriclaurant.com – Twitter: @cedric_laurant
                   c [at] cedriclaurant [dot] com


                   Dra. Ana Brian Nougreres
                   Law Professor, Universidad de la República
                   Oriental del Uruguay; Chief Consultant, Estudio
                   Jurídico Briann & Associates (Uruguay)
                   abrian [at] netgate [dot] com [dot] uy


                   Renato Opice Blum
                   CEO and Partner, Opice Blum Advogados
                   Associados (Brazil)
                   http://www.opiceblum.com.br – Twitter: @opiceblum
                   renato [at] opiceblum [dot] com [dot] br


104   New Data Protection Laws and Case Law Trends in Central & South America

More Related Content

Viewers also liked

South America\ S History And Culture Powerpoint
South America\ S History And Culture PowerpointSouth America\ S History And Culture Powerpoint
South America\ S History And Culture Powerpointmontathomas
 
South America PowerPoint
South America PowerPointSouth America PowerPoint
South America PowerPointCaroline Baum
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationLance Michalson
 
Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarLance Michalson
 
The Hidden Gem Of South America
The Hidden Gem Of South AmericaThe Hidden Gem Of South America
The Hidden Gem Of South Americametravel
 
Insights on the changes operated in forest value-chain management in South Am...
Insights on the changes operated in forest value-chain management in South Am...Insights on the changes operated in forest value-chain management in South Am...
Insights on the changes operated in forest value-chain management in South Am...marcos Marcos
 
Latin america final
Latin america finalLatin america final
Latin america finalBen Ely
 
Editable vector business usa south carolina state and county powerpoint maps ...
Editable vector business usa south carolina state and county powerpoint maps ...Editable vector business usa south carolina state and county powerpoint maps ...
Editable vector business usa south carolina state and county powerpoint maps ...SlideTeam.net
 
Editable vector business usa south dakota state and county powerpoint maps un...
Editable vector business usa south dakota state and county powerpoint maps un...Editable vector business usa south dakota state and county powerpoint maps un...
Editable vector business usa south dakota state and county powerpoint maps un...SlideTeam.net
 
South america powerpoint
South america powerpointSouth america powerpoint
South america powerpointmdshirle
 
Culture and Economy of South America
Culture and Economy of South AmericaCulture and Economy of South America
Culture and Economy of South AmericaNahid Hossen
 
South America - before and after Columbus
South America - before and after ColumbusSouth America - before and after Columbus
South America - before and after Columbusalfaoxford
 
Latin america powerpoint
Latin america powerpointLatin america powerpoint
Latin america powerpointsharpieking
 
Health surveillance in South America: epidemiological, sanitary and environme...
Health surveillance in South America: epidemiological, sanitary and environme...Health surveillance in South America: epidemiological, sanitary and environme...
Health surveillance in South America: epidemiological, sanitary and environme...Isags Unasur
 
South america powerpoint editable continent map with countries templates slides
South america powerpoint editable continent map with countries templates slidesSouth america powerpoint editable continent map with countries templates slides
South america powerpoint editable continent map with countries templates slidesSlideTeam.net
 

Viewers also liked (17)

South america
South americaSouth america
South america
 
South America\ S History And Culture Powerpoint
South America\ S History And Culture PowerpointSouth America\ S History And Culture Powerpoint
South America\ S History And Culture Powerpoint
 
South America PowerPoint
South America PowerPointSouth America PowerPoint
South America PowerPoint
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisation
 
Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminar
 
The Hidden Gem Of South America
The Hidden Gem Of South AmericaThe Hidden Gem Of South America
The Hidden Gem Of South America
 
Insights on the changes operated in forest value-chain management in South Am...
Insights on the changes operated in forest value-chain management in South Am...Insights on the changes operated in forest value-chain management in South Am...
Insights on the changes operated in forest value-chain management in South Am...
 
Latin america final
Latin america finalLatin america final
Latin america final
 
Editable vector business usa south carolina state and county powerpoint maps ...
Editable vector business usa south carolina state and county powerpoint maps ...Editable vector business usa south carolina state and county powerpoint maps ...
Editable vector business usa south carolina state and county powerpoint maps ...
 
Editable vector business usa south dakota state and county powerpoint maps un...
Editable vector business usa south dakota state and county powerpoint maps un...Editable vector business usa south dakota state and county powerpoint maps un...
Editable vector business usa south dakota state and county powerpoint maps un...
 
South america powerpoint
South america powerpointSouth america powerpoint
South america powerpoint
 
Culture and Economy of South America
Culture and Economy of South AmericaCulture and Economy of South America
Culture and Economy of South America
 
South America - before and after Columbus
South America - before and after ColumbusSouth America - before and after Columbus
South America - before and after Columbus
 
Latin america powerpoint
Latin america powerpointLatin america powerpoint
Latin america powerpoint
 
South America
South AmericaSouth America
South America
 
Health surveillance in South America: epidemiological, sanitary and environme...
Health surveillance in South America: epidemiological, sanitary and environme...Health surveillance in South America: epidemiological, sanitary and environme...
Health surveillance in South America: epidemiological, sanitary and environme...
 
South america powerpoint editable continent map with countries templates slides
South america powerpoint editable continent map with countries templates slidesSouth america powerpoint editable continent map with countries templates slides
South america powerpoint editable continent map with countries templates slides
 

Similar to New Data Protection Laws and Case Law Trends in Central & South America

Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Cédric Laurant
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...anthonywong
 
SIM - Mc leod ch10
SIM - Mc leod ch10SIM - Mc leod ch10
SIM - Mc leod ch10Welly Tjoe
 
Gdpr and usa data privacy issues
Gdpr and usa data privacy issuesGdpr and usa data privacy issues
Gdpr and usa data privacy issuesStefan Schippers
 
Revision Data Protection Act (Eduardo And Salvador)
Revision   Data Protection Act (Eduardo And Salvador)Revision   Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)itgsabc
 
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...DaviesParker
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010mleyden
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations  things you should know (pt.1)Data theft rules and regulations  things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Faidepro
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
Revision Data Protection Act ( Eduardo And Salvador)
Revision    Data  Protection  Act ( Eduardo And  Salvador)Revision    Data  Protection  Act ( Eduardo And  Salvador)
Revision Data Protection Act ( Eduardo And Salvador)itgsabc
 
Your Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing YourselfYour Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing YourselfTifanija
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
ODI Queensland - Open Data Essentials - Law and Licensing
ODI Queensland - Open Data Essentials - Law and LicensingODI Queensland - Open Data Essentials - Law and Licensing
ODI Queensland - Open Data Essentials - Law and LicensingAusGOAL
 
Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Internet Law Center
 

Similar to New Data Protection Laws and Case Law Trends in Central & South America (20)

Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...
 
The Right To Privacy
The Right To PrivacyThe Right To Privacy
The Right To Privacy
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...
 
SIM - Mc leod ch10
SIM - Mc leod ch10SIM - Mc leod ch10
SIM - Mc leod ch10
 
MIS chap # 10..
MIS chap # 10..MIS chap # 10..
MIS chap # 10..
 
Gdpr and usa data privacy issues
Gdpr and usa data privacy issuesGdpr and usa data privacy issues
Gdpr and usa data privacy issues
 
Revision Data Protection Act (Eduardo And Salvador)
Revision   Data Protection Act (Eduardo And Salvador)Revision   Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)
 
Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the Law
 
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
SECTOR-SPECIFIC-REGULATIONS-AND-A-FEW-HICCUPS-MORE-U.S.A-AND-ITS-PRIVACY-LAWS...
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago Presentation
 
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations  things you should know (pt.1)Data theft rules and regulations  things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
Revision Data Protection Act ( Eduardo And Salvador)
Revision    Data  Protection  Act ( Eduardo And  Salvador)Revision    Data  Protection  Act ( Eduardo And  Salvador)
Revision Data Protection Act ( Eduardo And Salvador)
 
Your Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing YourselfYour Mind: Legal Status, Rights, and Securing Yourself
Your Mind: Legal Status, Rights, and Securing Yourself
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
ODI Queensland - Open Data Essentials - Law and Licensing
ODI Queensland - Open Data Essentials - Law and LicensingODI Queensland - Open Data Essentials - Law and Licensing
ODI Queensland - Open Data Essentials - Law and Licensing
 
Spokeo v Robins
Spokeo v RobinsSpokeo v Robins
Spokeo v Robins
 
Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Online Advertising Legal Update 2014
Online Advertising Legal Update 2014
 

More from Cédric Laurant

"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...Cédric Laurant
 
"Retention & Online Search: How Current Challenges for Privacy Become New Thr...
"Retention & Online Search: How Current Challenges for Privacy Become New Thr..."Retention & Online Search: How Current Challenges for Privacy Become New Thr...
"Retention & Online Search: How Current Challenges for Privacy Become New Thr...Cédric Laurant
 
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...Cédric Laurant
 
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...Perspectivas europeas sobre la protección de los consumidores y usuarios peru...
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...Cédric Laurant
 
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...Cédric Laurant
 
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...Cédric Laurant
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cédric Laurant
 
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)Cédric Laurant
 

More from Cédric Laurant (8)

"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
"Retention & Online Search: How Current Challenges for Privacy Become New Thr...
"Retention & Online Search: How Current Challenges for Privacy Become New Thr..."Retention & Online Search: How Current Challenges for Privacy Become New Thr...
"Retention & Online Search: How Current Challenges for Privacy Become New Thr...
 
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...
Guía de Privacidad para Hispanohablantes 2012 (Privacy Guide for Spanish Spea...
 
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...Perspectivas europeas sobre la protección de los consumidores y usuarios peru...
Perspectivas europeas sobre la protección de los consumidores y usuarios peru...
 
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...
Uso de las redes sociales en el ámbito laboral y derecho a la protección de l...
 
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...
Cybercrimes in Europe - Recent Legal and Policy Developments (Fecomercio-SP, ...
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
 
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)
The BROAD and EPHR projects (Barcelona, Spain – 27 Feb. 2010)
 

Recently uploaded

Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Reportamberjiles31
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.ukaroemirsr
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursKaiNexus
 
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)tazeenaila12
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024Stephan Koning
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Winbusinessin
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBBPMedia1
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 

Recently uploaded (20)

Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.uk
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, Ours
 
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 

New Data Protection Laws and Case Law Trends in Central & South America

  • 1. New Data Protection Laws and Case Law Trends in Central & South America (final version) Dallas, TX (USA) September 15, 2011 Cédric Laurant Ana Brian Nougrères Renato Opice Blum © 2011 Presentation available at <http://cedriclaurant.com/wp-content/uploads/2011/09/110916-new_latam_data_prot_laws_case_law_trends- fv.pdf.zip>
  • 2. WWW.OPICEBLUM.COM.BR Renato Opice Blum renato@opiceblum.com.br @opiceblum Attorney and economist, Digital Law coordinator of GVLaw and of the MBA on Electronic Law at Escola Paulista de Direito; Invited- Professor at USP and Mackenzie Presbyterian University; President of the Council of Information Technology and Communication of the Commerce Federation of São Paulo/SP and of the Technology Law Committee of AMCHAM; Advisor of the Committee of High Technology Crimes of Brazilian Bar Association; International Lectures: Global Privacy Summit 2010, 73rd Conference of the International Law Association; ISSA International Conference 2010; HTCIA International Conference 2010; Inter American Bar Association: Reunión del Consejo y Seminario 2010, Invited Participant at The Sedona Conference 2010 and invited lecturer at the 3rd Annual Sedona Conference 2011; Seton Hall Law – 2011 and ABA annual meeting 2011; Coordinator and co-author of the book “Manual of Electronic Law and Internet” and “Electronic Law: internet and the courts” 2 New Data Protection Laws and Case Law Trends in Central & South America
  • 3. Dra. Ana Brian Nougreres Legal Consultant at the Uruguayan Parliament, Senate and Chamber of Representatives and at the Uruguayan College of Attorneys. Teacher at School of Law, Legal Informatics Chair, Universidad de la República Oriental del Uruguay. Chief Consultant at Estudio Jurídico Briann and Associates. E-mail: abrian [at] netgate [dot] com [dot] uy  3 New Data Protection Laws and Case Law Trends in Central & South America
  • 4. Cédric Laurant   rincipal, Cedric Laurant P Consulting (Brussels)   ttorney at law (Washington, A DC) E-mail: c [at] cedriclaurant [dot] com Website: http://cedriclaurant.com Blogs: http://cedriclaurant.org http://security-breaches.com Linkedin: http://www.linkedin.com/in/cedriclaurant 4 New Data Protection Laws and Case Law Trends in Central & South America
  • 5. Outline  Introduction  A. Brazil  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica  D. Key take aways  Q & A 5 New Data Protection Laws and Case Law Trends in Central & South America
  • 6. Outline  Introduction (Cedric Laurant)  A. Brazil  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica  D. Key take aways  Q & A 6 New Data Protection Laws and Case Law Trends in Central & South America
  • 7. 7 New Data Protection Laws and Case Law Trends in Central & South America
  • 8. 8 New Data Protection Laws and Case Law Trends in Central & South America
  • 9. Introduction   Most important privacy developments in Brazil, Argentina, Uruguay, Colombia, Peru and Costa Rica.   Recent regulatory and case law trends that affect how you do business in Central and South America.   How the most recent Latin American data protection laws are likely to be implemented.   Q&A 9 New Data Protection Laws and Case Law Trends in Central & South America
  • 10. Outline  Introduction  A. Brazil (Renato Opice Blum)  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica  D. Key take aways  Q & A 10 New Data Protection Laws and Case Law Trends in Central & South America
  • 11. Brazil 11 New Data Protection Laws and Case Law Trends in Central & South America
  • 12. The children of darkness are always faster than the children of light. Lucas chapter 16 verse 8 12 New Data Protection Laws and Case Law Trends in Central & South America
  • 13. BRAZIL – SOME CASES MEDICAL CLINIC database copy / unfair competition M COMPANY illegal video BROKER COMPANY database breach / unfair competition T COMPANY database breach CHEMICAL INDUSTRY COMPANY database breach RACE DRIVER image damage BEVERAGE COMPANY 483 confidential files 13 New Data Protection Laws and Case Law Trends in Central & South America
  • 14. PERSONAL DATA BILL OF LAW Article 1. The aim of this project guarantees and protection, in the area personal information specially dignity and fundamental rights of the person, specially with regard to his/her freedom, equality and personal privacy in terms of art 5 of Federal Constitution. Article 2. Everybody has the right to the protection of his/her personal data. 14 New Data Protection Laws and Case Law Trends in Central & South America
  • 15. PERSONAL DATA BILL OF LAW Article 35. The international transfer of personal data is only allowed to countries that provide a level of data protection comparable to the one of this law, unless the following exceptions: I - when the owner has expressed his own free consent, express and informed to the transfer; II - when it is necessary for the implementation of obligation under a contract of which the holder is a party; III - when it is necessary to guarantee a significant public interest specified by law; IV - when it is necessary for international cooperation among government agencies for intelligence and research, according to international law instruments to which Brazil is bounded; V - when it is necessary to defend a right in court, if the data are transferred solely for this purpose and for the necessary period of time; VI - when it is necessary to protect the life or physical safety of the owner or third party, if the holder cannot provide its consent because of physical impossibility, incapacity to act or understand. 15 New Data Protection Laws and Case Law Trends in Central & South America
  • 16. CONSTITUTION Section 5.10 – Intimacy, privacy, honor and image of persons – INVIOLABLE. Section 5.12 – Secrecy of correspondence and Telecom – INVIOLABLE. CIVIL CODE Section 20 – Disclosure of writings, the transmission of the word, or publication, display or use of the image of a person. Section 21 – Private life of a person – INVIOLABLE. EXPECTATION OF PRIVACY SÃO PAULO STATE COURT DECISION Violation of image rights, privacy, intimacy and honor by being photographed and filmed (in intimacy) on locations – Spanish beach – Injunction to terminate the exhibition of movies and photos on web- sites because of the presumption of lack of consent to the publication. Filling with a daily penalty payment of $ 250,000.00, to inhibit infringement of the command to abstain. The paparazzi are known for aggressively working with the capture of images, which characterizes the illegality of their activities [voyeurism]. Denying injunctive relief would reward the work of these professionals that do not require authorization for their photos and, especially, to legalize the sensationalism and scandal propagated by the media, without permission of those involved. 16 New Data Protection Laws and Case Law Trends in Central & South America
  • 17. NEWS ON THE INTERNET CAUSES HARM TO CITIZEN’S HONOR. HE WAS NOT GUILTY, BUT THERE WAS NO NEWS ABOUT THAT, ONLY ABOUT THE ONGOING LAWSUIT. JUDGE ORDERS GOOGLE TO SET UP A FILTER TO RANDOMIZE RESULTS WITH THE PLAINTIFF’S NAME, ENABLING VARIETY OF NEWS PARANA STATE COURT 1819/2008 17 New Data Protection Laws and Case Law Trends in Central & South America
  • 18. Brazilian authority postpones to 2012 legislation that obliges tracking devices in new cars. The Brazilian National Transit Counsel has postponed to 2012 the obligation to install anti-theft devices in all the cars. According to the department, the change was made due to the complexity of the telecommunications infrastructure that may be needed to develop the Integrated System of Monitoring e Automatic Registry of Vehicles (SINRAV, in Portuguese). The installation of the tracking device is mandatory. The obligation to install this device has been postponed since 2009. The main reason is that this law is seen as harmful to the citizens’ liberty, since anyone can be monitored without consentiment and have their private life invaded. 18 New Data Protection Laws and Case Law Trends in Central & South America
  • 19. CONSUMER DEFENSE CODE Section 43 – Database access. Section 72 – Block access. Penalty – detention from six months to one year or a fine. PRIVACY SANTA CATARINA STATE COURT DECISION Consumer Defense Association causes damages to consumers disclosing its database to third parties. Association must include a warning about the disclosure and ask for permission. 19 New Data Protection Laws and Case Law Trends in Central & South America
  • 20. WIRETAPPING – ACT 9296/1996 Section 1 – Interception of telephone communications – flow of communication. Section 10 – Intercept communication or break secret of Justice, without judicial authorization – confinement from two to four years and fine. PRIVACY SÃO PAULO STATE COURT DECISION Breach of confidentiality of correspondence, telegraphic, data and telephone communications - Nonoccurrence - Seizure of emails in possession and knowledge of the recipient by a court order - strong suspicions that the material might enlighten the criminal infraction – interpretation of art. 5, XII of the Constitution. T H E R E I S N O V I O L AT I O N O F T H E S E C R E C Y O F CORRESPONDENCE. 20 New Data Protection Laws and Case Law Trends in Central & South America
  • 21. APPEAL TO THE SUPERIOR COURT OF JUSTICE BRAZIL Nº 1.193.764 - SP (2010/0084512-0) APPELLANT : I P DA S B APELLEE : GOOGLE BRASIL INTERNET LTDA SUMMARY CIVIL AND CONSUMER LAW. INTERNET. CUSTOMER RELATION. CDC (BRAZILIAN CONSUMER DEFENSE CODE). FREE SERVICE. INDIFFERENCE. CONTENT PROVIDER. PREVIOUS FISCALIZATION ON THE CONTENT OF THE USER POSTED INFORMATIONS ON THE WEBSITE. UNNECESSARY. MESSAGE WITH OFFENSIVE CONTENT. MORAL DAMAGE. INHERENT RISK TO BUSSINESS. INEXISTENCE. ACKNOWLEDGMENT OF THE FORBIDDEN CONTENT. IMMEDIATE REMOVAL OF THE CONTENT. DUTY. PROVIDE MEANS FOR THE IDENTIFICATION OF EACH USER. DUTY. REGISTER THE IP NUMBER. SUFFICIENT. 21 New Data Protection Laws and Case Law Trends in Central & South America
  • 22. SUPERIOR LABOR COURT – CORPORATE EMAIL AND RECORDINGS AS VALID PROOF FOR DISMISSION “(…) As a subscriber of the internet service provider, the company is responsible for its intern use, in accordance to laws. 8. Thus, if the employee eventually use the corporate email for personal reasons, he should be aware that the access to the content of the messages by the employer do not represent major violation of its mails, nor violation of privacy or intimacy, because we are talking about equipment and technology provided by the employer for usage to work and reach the goals of the company. 9. This way, we do not understand that it sets up no defense to the usage of evidence embodied in access to e-mail box, provided by the employer to his employees. Interlocutory appeal devoided.” 22 New Data Protection Laws and Case Law Trends in Central & South America
  • 23. SUPERIOR LABOR COURT – CORPORATE EMAIL AND RECORDINGS AS VALID PROOF FOR DISMISSION INTERLOCUTORY APPEAL IN A REVIEW APPEAL. PAIN AND SUFFERING. GOOD CAUSE. The sentence from the lower level court registred that it does not hurt constitutional standard of financial disclosure and corporate email, especially when the employer, in advance, warn its employees about the rules for using the system and the possibility of tracking and monitoring their email. Interlocutory appeal devoided. 23 New Data Protection Laws and Case Law Trends in Central & South America
  • 24. SECURITY Law enforcement agencies use social networks in search of incriminating data users 24 New Data Protection Laws and Case Law Trends in Central & South America
  • 25. GPS - Monitoring 25 New Data Protection Laws and Case Law Trends in Central & South America
  • 26. 3rd FEDERAL COURT – LETTERS ROGATORY? 26 New Data Protection Laws and Case Law Trends in Central & South America
  • 27. Greetings Ambassador Roberto Campos: "Those who remain in this house have before them wonderful agenda. I wish them, as in the words of theologist Reinhold Niehbuhr: "May God give the serenity to accept the things they cannot change, courage to change the things they can change and the wisdom to know the difference." 27 New Data Protection Laws and Case Law Trends in Central & South America
  • 28. Recommendations and Practices for the Safe Use of Internet to Entire Family Link: http://www.opiceblum.com.br/download/OABMack_Safety.pdf 28 New Data Protection Laws and Case Law Trends in Central & South America
  • 29. Outline  Introduction  A. Brazil  B. Uruguay & Argentina (Ana Brian Nougreres)  C. Colombia, Peru, Costa Rica  D. Key take aways  Q & A 29 New Data Protection Laws and Case Law Trends in Central & South America
  • 30. Argentina 2003 Decision 2003/490/CE November 21, 2003 Declaration of Adequation to the levels of data protection of Directive 95/46/EC of the European Parliament and the Council. 30 New Data Protection Laws and Case Law Trends in Central & South America
  • 31. Argentina 2011 Transfers to other countries only permitted if the country of destination ensures an adequate level of protection. Exceptions to this principle only in special cases: explicit and unambiguous consent, execution of certain contracts, safeguard of public interests or individual vital interests, information of public registers. 31 New Data Protection Laws and Case Law Trends in Central & South America
  • 32. Articles 25 and 26, Directive 95/46/CE           European Economic Space DATA TRANSFERS AEPD March 31, 2011 32 New Data Protection Laws and Case Law Trends in Central & South America
  • 33. INTERNATIONAL DATA TRANSFERS WITH COUNTRIES WITH NO ADEQUATION AEPD March 31, 2011 33 New Data Protection Laws and Case Law Trends in Central & South America
  • 34. AEPD March 31, 2011 34 New Data Protection Laws and Case Law Trends in Central & South America
  • 35. AEPD March 31, 2011 35 New Data Protection Laws and Case Law Trends in Central & South America
  • 36. Uruguay - Dispositions Law 18331 - August 18, 2008 Decree 664/2008 Decree 437/2009 Decree 414/2009 Law 18719 - December 27, 2010 Law 18778 – July 15, 2011 36 New Data Protection Laws and Case Law Trends in Central & South America
  • 37. Uruguayan Data Protection System Scope of application of the legislation Data protection principles Rights of the data holders Liability Enforcement mechanisms Control Sanctions 37 New Data Protection Laws and Case Law Trends in Central & South America
  • 38. Scope The regime is applied to all personal data recorded in any kind of medium that makes them likely to be processed, and any kind of subsequent use of these data within public or private domains. 38 New Data Protection Laws and Case Law Trends in Central & South America
  • 39. Principles Purpose limitation principle Data quality and proportionality principle Principle of transparency Security principle 39 New Data Protection Laws and Case Law Trends in Central & South America
  • 40. Rights of the data holders Access Rectification Opposition 40 New Data Protection Laws and Case Law Trends in Central & South America
  • 41. International data transfers restricted: Countries that provide adequate levels of protection. Transfers authorized by the control authority in cases that offer contractual clauses regarding privacy, rights, freedoms of individuals and the exercise of their rights. Consent, contract, public interest, individual’s vital interest, public registry. 41 New Data Protection Laws and Case Law Trends in Central & South America
  • 42. Sensitive data (9% of the data universe in Uruguay) Definition as personal data revealing racial or ethnic origin, political preferences, religious or moral beliefs, trade union membership or information concerning health or sex life. Explicit consent required for data processing. Nobody can be compelled to provide sensitive data. 42 New Data Protection Laws and Case Law Trends in Central & South America
  • 43. Direct marketing The data used for this purpose are home addresses, distribution of documents, advertising, sale or similar activities. In case this data is suitable for promotional profiling, commercial or advertising purposes, it should appear in documents accessible to the public or must have been supplied or consented by the affected individual. Right to access, remove and block data can be applied at any times. 43 New Data Protection Laws and Case Law Trends in Central & South America
  • 44. Automatic individual decision Decisions based on the processing of data should not affect people or their performance (employment, credit, reliability, behavior, etc.). The affected person has the right to obtain information from the controller, both regarding the assessment criteria and the program used for the processing. 44 New Data Protection Laws and Case Law Trends in Central & South America
  • 45. Supervisory Data Protection Authority URCDP : autonomous entity with technical autonomy Management: Executive Council of three members (Executive Director of AGESIC and the other two appointed by the Executive Power). Assistance: Advisory Council of five members (Members appointed by Legislative and Judicial Power, Public Ministry, academy and private sector). 45 New Data Protection Laws and Case Law Trends in Central & South America
  • 46. Procedural and enforcement mechanisms URCDP provides assistance, advice, regulations, registries of databases, monitors compliance with regulations, guarantees security and confidentiality of data provided, issues opinions. Investigation, Inspection and Sanctions are in charge of the URCDP Habeas data action, legal quick action. 46 New Data Protection Laws and Case Law Trends in Central & South America
  • 47. Sanctions Warning (83 %) Fines (17 %) Suspension of database. 47 New Data Protection Laws and Case Law Trends in Central & South America
  • 48. Opinion 6/2010 of the WP29 on the level of personal data protection in Uruguay, adopted October 12, 2010. CONCLUDES that Uruguay ensures an adequate Level of protection within the meaning of Article 25 (6) of Directive 95/46/CE. 48 New Data Protection Laws and Case Law Trends in Central & South America
  • 49. Why data protection systems work as a win-win process For the consumers, because they can control their own data and the information disseminated about them. For the enterprises, because then can prevent risks of vulnerability of the information they manage from their clients. For the countries, because then can attract investors, improve their positions and compliment international standards. 49 New Data Protection Laws and Case Law Trends in Central & South America
  • 50. Outline  Introduction  A. Brazil  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica (Cedric Laurant)  D. Key take aways  Q & A 50 New Data Protection Laws and Case Law Trends in Central & South America
  • 51. Colombia, Peru & Costa Rica: Outline  1. Colombia: case studies, problem-solving in real world situations  2. Peru: overview of the data protection law  3. Costa Rica: overview of the data protection law  See references at end of slide deck 51 New Data Protection Laws and Case Law Trends in Central & South America
  • 52. Colombia  7 real cases:  How they might be solved with the upcoming data protection law.  Why are those cases relevant to you and for your job?  Cases range from private to public and governmental aspects of data protection, not only for private businesses but also for public/government authorities. 52 New Data Protection Laws and Case Law Trends in Central & South America
  • 53. Trust 53 New Data Protection Laws and Case Law Trends in Central & South America
  • 54. Trust   Case study: why do books always come wrapped in Colombian bookstores? Lack of trust towards customers? High price? Attitude towards books as sacred objects? Piracy?   Problem: lack of trust by businesses towards consumers.   Significance: lack of trust by businesses breeds lack of trust by consumers towards businesses.   Business context: B2C transactions between foreign companies and Colombian consumers.   Relevance for US/EU companies: foreign companies must be aware of, and understand, this essential feature of the commercial context in which personal information is being processed in Colombia. 54 New Data Protection Laws and Case Law Trends in Central & South America
  • 55. Trust   Resolution:   Should bookstores unwrap all books to make better sales? Will it demonstrate more trust by the shopkeeper towards its customers? Will it have a positive or negative impact on sales?   How is trust related to complying with new data protection legal requirements? Does it mean that for a company to be successful, it should be more transparent about how it processes its customers’ personal data?   How would the upcoming Colombian data protection law apply? What would have to change in current data management practices? (Take local commercial traditions and way of doing business into account.)   How could this have an impact on the level of enforcement of the new law?   Take away 55 New Data Protection Laws and Case Law Trends in Central & South America
  • 56. Trust 56 New Data Protection Laws and Case Law Trends in Central & South America
  • 57. Credit reporting system 57 New Data Protection Laws and Case Law Trends in Central & South America
  • 58. Credit reporting system   Case study: Colombian real estate franchise of a US company (“Century 21 Luque Medina”).   Problem: illustrates the current serious problem with the credit reporting system in Colombia: abusive use is detrimental to consumers, tenants and sureties; does not encourage accountability and business ethics by real estate companies.   Significance: lack of trust by Colombian tenants, landlords and sureties towards Colombian subsidiaries or franchises of foreign businesses.   Business context: B2C/B2B transactions between, on the one hand, foreign companies or Colombian subsidiaries or franchises of foreign companies, and, on the other hand, Colombian consumers.   Relevance for US/EU companies: negative impact on US/ EU companies’ reputation. 58 New Data Protection Laws and Case Law Trends in Central & South America
  • 59. Law No. 1266 of 2008   The Colombian “FCRA”.   Applies in addition to the upcoming data protection law by focussing only on the protection of credit reports and the processing of financial personal information.   Lacks teeth to address international data transfer issues: scope too limited to provide enough protections for information processed by European companies’ subsidiary call centers based in Colombia.   No “adequate protection”. European Commission’s opinion: adequate to regulate the financial sector, but not medical, religious, ethnic, and other type of personal data.   Enforcement has started by supervisory authorities. 59 New Data Protection Laws and Case Law Trends in Central & South America
  • 60. Credit reporting system   Resolution:   How does the Law No. 1266 of 2008 apply to this case? Was it violated? No but did in fact unfairly treat the data subject.   What would have to change in current data management practices?   How has that law applied so far? Enforcement case by the Superintendencia de Industria y Comercio.   How will the upcoming data protection law have any impact? Purpose specification principle.   Take away:   Doing business in a fair way will give the advantage to foreign companies.   Go beyond strict compliance of the letter of the law in implementing it. 60 New Data Protection Laws and Case Law Trends in Central & South America
  • 61. Authentication for private transactions 61 New Data Protection Laws and Case Law Trends in Central & South America
  • 62. Authentication for private transactions   Case study: fingerprints required as means of authentication for all sorts of contracts between individuals and businesses (rental agreements, online password releases for online banking accounts, exchange of currencies, “pospago” contracts with mobile phone providers, shipment of packages abroad,…   Problem: need for a reliable way to authenticate individuals; signature not sufficient for authentication purposes. Main reason: high level of fraud.   Significance: processing of sensitive personal information (biometrics) by businesses.   Business context: B2C/B2B transactions between foreign companies and Colombian customers/clients or companies. 62 New Data Protection Laws and Case Law Trends in Central & South America
  • 63. Authentication for private transactions   Relevance for US/EU companies: authentication procedures may prove very burdensome, bureaucratic and onerous; on the other hand, motivated by good reasons: to prevent fraud (cfr fraud statistics in Colombia) and money laundering.   Questions/Resolution:   How will the upcoming Colombian data protection law apply? (transparency, right of access, adequate security measures, …)   How will the new law impact those authentication practices? (proportionality and security measures)   How will current data management practices have to change? (more transparency, subject access and security)   Take away 63 New Data Protection Laws and Case Law Trends in Central & South America
  • 64. Collection of biometrics for security purposes 64 New Data Protection Laws and Case Law Trends in Central & South America
  • 65. Collection of biometrics for security purposes   Case study: digital biometric fingerprint scanner used as a security measure at the entrance of office buildings; required from everyone to get access to the premises.   Significance: higher risk of data breaches because of databases storing very sensitive personal information (biometrics) and higher risk for data subjects concerned.   Business context: B2C transactions between foreign companies and data subjects (Colombians or foreigners, individuals or clients).   Relevance for US/EU companies: higher risk for hacking and data breaches exists as sensitive personal information is being stored.   Problem: use of biometrics and other authentication and identification measures by private actors in a wide range of situations where collection, use and secondary use of personal information is not necessarily legitimate, transparent or proportionate (e.g., building access). 65 New Data Protection Laws and Case Law Trends in Central & South America
  • 66. Collection of biometrics for security purposes   Questions:   Why is a digital fingerprint required as opposed to a less intrusive and less risky means of access security measure? Is it proportionate?   What happens with this data? With whom is it shared?   Where is there any type of privacy policy explaining what happens with the information collected?   What happens if I am being denied access to the building? Where can I complain? (transparency issue)   Resolution:   How does the upcoming Colombian data protection law apply?   Proportionality; prior and express consent; transparency;…   What would have to change in current data management practices to make this processing compliant with the law?   What are the exemptions for law enforcement authorities?   Take away 66 New Data Protection Laws and Case Law Trends in Central & South America
  • 67. Phone no. and ID for every purchase 67 New Data Protection Laws and Case Law Trends in Central & South America
  • 68. Phone no. and ID for every purchase   Case study: Phone no. and ID no. are requested for every purchase made with an electronic means of payment. No explanation of reason why or what the information is ultimately used for; no privacy policy.   Significance: possibility to match all purchases made by individuals with their ID no. Link it with governmental databases? Relationships between those purchases and the stores’ discount grocery shopping cards?   Business context: B2C transactions between, on the one hand, foreign companies or their Colombian subsidiaries or franchises of foreign companies and, on the other, Colombian consumers.   Relevance for US/EU companies: Do US/EU businesses’ subsidiaries in Colombia using such information collect it legitimately and for valid reasons? 68 New Data Protection Laws and Case Law Trends in Central & South America
  • 69. Phone no. and ID for every purchase   Problem: low level of trust in customer-business relationships, very low level of consumer protection and customer service; presumption of bad faith.   Questions/Resolution:   How will the upcoming Colombian data protection law apply?   What would have to change in current data management practices?   Take away: more transparency required from businesses towards their customers with respect to the processing of their personal information. Consumer protection mechanisms must be established that much better ensure a higher level of consumer protection and consumer privacy. 69 New Data Protection Laws and Case Law Trends in Central & South America
  • 70. RFID transportation card 70 New Data Protection Laws and Case Law Trends in Central & South America
  • 71. RFID transportation card   Case study: Medellin metro card is delivered upon identification and tracks all itineraries of travelers. Lack of information about availability of an anonymous card and its benefits (only drawbacks are mentioned to encourage adoption of individualized card).   Significance: use of customers’ personal location information by public and private entitie; is covered by the upcoming data protection law.   Business context: procurement contracts between Colombian government authorities and foreign companies.   Relevance for US/EU companies: Potential sale of data processing services to local governmental entities. Interest for foreign companies to understand how the upcoming data protection law applies to geo-location location personal information. 71 New Data Protection Laws and Case Law Trends in Central & South America
  • 72. RFID transportation card   Problem: Data protection issues: transparency, access rights, potential secondary uses of travelers’ personal information. Concerns: no privacy policy; no information about the type of information being collected by the system; about the uses of the itinerary information now and later in time; about the current or considered secondary uses; and about the possibility to ask for an anonymous card. Use of data by private and public actors.   Questions: How will the upcoming Colombian data protection law apply? What would have to change in current data management practices?   Resolution: comply in advance and better than local companies. 72 New Data Protection Laws and Case Law Trends in Central & South America
  • 73. RFID transportation card (comparison with Uruguayan case) 73 New Data Protection Laws and Case Law Trends in Central & South America
  • 74. Privacy in e-government services  General obligation of all government entities that use electronic resources to manage the information of citizens in a manner respectful to their privacy.  Decree No. 1151 of 2008 establishes general principles to follow in how online services are provided by the government.  Protection of privacy is further regulated by the Ministry of Communications’ “e- Government Policy Manual,” applicable throughout all governmental entities. 74 New Data Protection Laws and Case Law Trends in Central & South America
  • 75. Colombia: take aways   1. Get an edge over your competitors: be transparent, explain, clarify how your company/ affiliate will use individuals/customers’ personal information.   2. Don’t wait for the Colombian companies to comply with the law: being seen as an early adopter will be good for business and reputation.   3. Trust your consumers; trust will breed reciprocal trust in your products, services, reputation and brand. 75 New Data Protection Laws and Case Law Trends in Central & South America
  • 76. Colombia: take aways   4. Follow all consumer protection regulations, and go beyond strict compliance. Do better than Colombian companies. Mandate your franchisees to be consumer protection-friendly, like in the United States, not like in Colombia.   5. Develop a reputation for being fully reliable for your customers.   6. Get advice both from a local counsel (to conceive the most adequate data protection solution to fit in the cultural context) and from a global data protection counsel. Both professionals will be necessary to design how your company will comply with the local data protection rules. 76 New Data Protection Laws and Case Law Trends in Central & South America
  • 77. CENTRAL AMERICA COSTA RICA EL SALVADOR GUATEMALA HONDURAS NICARAGUA PANAMA 77 New Data Protection Laws and Case Law Trends in Central & South America
  • 78. CENTRAL AMERICA PROTECTION AT THE CONSTITUTIONAL LEVEL -  No Central American country has an express recognition for the right to data protection. -  However, most countries provide constitutional protection for the “right to privacy”, except Panama and Guatemala. - Countries do not have “habeas data” at the constitutional level, but some of them have a general constitutional remedy. PROTECTION IN THE LAW -  No Central American country has a comprehensive personal data protection law. -  Most countries have legal provisions that protect personal data in their laws on access to information and public transparency (Panama, 2002; Honduras, 2006; Nicaragua, 2007; and Guatemala, 2008). -  There are telecommunication laws and credit reporting laws. 78 New Data Protection Laws and Case Law Trends in Central & South America
  • 79. CENTRAL AMERICA INTERNATIONAL INSTRUMENTS -  Political Dialogue and Cooperation Agreement between the EU and Central America (2003): parties agreed to cooperate on the protection in the processing of personal data. BILLS ON PERSONAL DATA PROTECTION -  At least two Central American countries have had legislative discussion on bills that would regulate data protection: Costa Rica and Nicaragua. Costa Rica has a new data protection law since Sept. 7, 2011. 79 New Data Protection Laws and Case Law Trends in Central & South America
  • 80. Costa Rica   Sept. 7, 2011: new Personal Data Protection Law No. 8968 enters into force.   Regulates the processing of personal data carried out by public and private entities: all databases distributing or selling information. (Personal or corporate databases not covered by the law.)   Law modeled after the EU Data Protection Directive. Regulates almost all processing of all types of personal data.   Requires express written consent for many data processing activities. 80 New Data Protection Laws and Case Law Trends in Central & South America
  • 81. Costa Rica  4 main categories of personal data:  1. sensitive data: include socioeconomic level, and medical and genetic conditions.  2. restricted access data: data included in a public database but with restricted access because only concerns person or public entity involved. Individual must give written consent for his personal data to be disclosed.  3. special restricted access data: data contained in public databases created by law.  4. credit records: data that allows financial institutions to evaluate an individual’s creditworthiness based on the general principles laid out in the new data protection law. 81 New Data Protection Laws and Case Law Trends in Central & South America
  • 82. Costa Rica  New data protection authority created within the Ministry of Justice (“Prodhab”) to implement the legislation, inspect registered databases and issue sanctions for legal violations.  Commercial databases must be registered before Prodhab and will be subject to an annual fee for their administration.  Data controller must pay a fee (“canon”) to Prodhab for sales made using commercial databases. Fee based on no. of data sold or contract value. Regulation to be implemented. 82 New Data Protection Laws and Case Law Trends in Central & South America
  • 83. Peru   July 2011: Peru has its first data protection law (“Ley N° 29733 de Protección de Datos Personales”).   Data protection authority will be part of the Ministry of Justice (independence?) and in charge of a National Registry of Personal Data; may levy fines for violations of the law.   Decree must now be drafted.   Problem with the regulation of credit- reporting databases: eludes crucial issue. 83 New Data Protection Laws and Case Law Trends in Central & South America
  • 84. Peru   National Register of Personal Data Protection can record:  1) publicly or privately administered personal databases;  2) authorizations issued pursuant to the law;  3) sanctions imposed by the National Authority; and  4) codes of conduct of the entities representing the privately administered personal database controllers or processors. 84 New Data Protection Laws and Case Law Trends in Central & South America
  • 85. Peru  Political willingness:  Free trade agreements: Peru signed them in Nov. 2008 with the US and Canada. Bilateral negociations under way with the EU, South Korea and China.  Call centers.  Transborder data flows:  Destination country must have a sufficient level of protection for the personal data to be processed, or at least comparable to that provided by the law. 85 New Data Protection Laws and Case Law Trends in Central & South America
  • 86. General references 1.- Agencia Española de Protección de Datos, cuatro gráficas aportadas a la fecha 31032011. Anales del Seminario “El impacto de las transferencias internacionales de datos en América Latina. Las políticas preventivas y la autorregulación en la implantación de la normativa de protección de datos”, Cartagena de Indias, Colombia. Junio de 2011 <http:// www.redipd.org/reuniones/seminario_2011_Cartagena/common/Ponencias/ JesusRubiNavarreteMartes.pdf>. 2.- José Luis Piñar Mañas. Protección de datos de carácter personal en Iberoamérica, Red Iberoamericana de Protección de Datos, Agencia Española de Protección de Datos, Ed. Tirant Lo Blanch Libros, Valencia, España. 2005. 3.- José Luis Piñar Mañas, La Red Iberoamericana de Protección de Datos, Declaraciones y documentos. Ed. Tirant Lo Blanch. Valencia, 2006. 4.- Oscar Puccinelli, El habeas data en Indoiberoamerica. Ed. Temis, Bogota, Colombia. 1999. 5.- Ana Brian Nougreres. De la protección de datos personales y la cooperación internacional. Anuario de Derecho Informático, Instituto de Derecho Informático, Facultad de Derecho, Universidad de la República. FCU. 2005. 86 New Data Protection Laws and Case Law Trends in Central & South America
  • 87. General references 6.- Cédric Laurant, “Emerging Data Protection Laws in Latin America and Doing Business in the EU”, Cedric’s Privacy Blog, Sept. 15, 2011 <http://blog.cedriclaurant.org/2011/09/15/ emerging_data_protection_laws_in_latin_america_doing_business_in_eu/>. 7.- Alberto Cerda, Cédric Laurant & Renato Opice Blum, “Recent Privacy and Data Protection Developments in Latin America and Their Impact on North American and European Multinational Companies”, IAPP Global Privacy Summit (Washington, DC – April 21, 2010) <http://www.slideshare.net/cedriclaurant/quotrecent-privacy-and-data- protection-developments-in-latin-america-and-their-impact-on-north-american-and- european-multinational-companiesquot>. 8.- Marcos Normativos en materia de Protección de Datos Personales. Actas del Seminario. Antigua, Guatemala, 2003. 87 New Data Protection Laws and Case Law Trends in Central & South America
  • 88. References (Argentina) 1.- Declaration regarding Argentina’s Adequation to the levels of data protection of the Directive 95/46/EC of the European Parliament and the Council, November 21, 2003 <http://ec.europa.eu/justice/policies/privacy/docs/ adequacy/decision-c2003-1731/decision-argentine_en.pdf>. 2.- Carlos E. Delpiazzo, Protección de datos en Uruguay y el Mercosur, Fundación de Cultura Universitaria. Montevideo, Uruguay, 2005. 3.- “Argentina” country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https://www.privacyinternational.org/article/phr2006-argentine-republic>. 88 New Data Protection Laws and Case Law Trends in Central & South America
  • 89. References (Brazil) 1.- Brazilian Constitution, Title 2, Chapter 1, Article 5, X. http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm 2.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XI. http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm 3.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XII. http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm 4.- Brazilian Constitution, Title 2, Chapter 1, Article 5, XIV. http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm 5.- Brazilian Constitution, Title 2, Chapter 1, Article 5, LXXII. http://www.planalto.gov.br/ccivil_03/constituicao/constitui%C3%A7ao.htm 6.- Federal Law No. 9.507/1997 (Habeas Data). http://www.planalto.gov.br/ccivil_03/leis/l9507.htm 7.- Federal Law No. 9.507/1997, Article 4 § 1. http://www.planalto.gov.br/ccivil_03/leis/l9507.htm 89 New Data Protection Laws and Case Law Trends in Central & South America
  • 90. References (Brazil) 8.- Federal Law No. 9.507/1997, Article 4 § 2. http://www.planalto.gov.br/ccivil_03/leis/l9507.htm 9.- Federal Law No. 10.406, January 12, 2002 (Civil Code). http://www.planalto.gov.br/ccivil_03/leis/2002/L10406.htm 10.- Federal Law No. 7.232, October 29, 1984 (National Computer Policy). http://www.planalto.gov.br/ccivil_03/leis/L7232.htm 11.- Federal Law No. 9.472, July 16, 1997, Book 1, Art. 3, IX. (Telecommunications Act). http://www.consumidorbrasil.com.br/consumidorbrasil/textos/legislacao/l9472.htm 12.- Federal Law No. 9.454, April 7, 1997 (National Identity Registration). http://www.planalto.gov.br/ccivil_03/Leis/L9454.htm 13.- Federal Law No. 8.078, Article 43, September 11, 1990 (Consumer´s Code). http://www.planalto.gov.br/ccivil_03/leis/L8078.htm 14.- Document nº 05/2002, of the Economic Law Secretariat, Ministry of Justice (Secretaria de Direito Econômico (SDE) do Ministério da Justiça). 90 New Data Protection Laws and Case Law Trends in Central & South America
  • 91. References (Brazil) 15.- Personal Data Bill: regulates the protection of personal data, privacy and other matters <http://www.cgu.gov.br/acessoainformacao/arquivos/ anteprojeto-lei-protecao-dados-pessoais.pdf>. 16.- Renato Leite Monteiro & Caio César Carvalho Lima, Comentários ao Anteprojeto de Lei Brasileiro sobre Proteção de Dados Pessoais, Information Security Breaches & The Law Blog, May 2011 <http:// securitybreaches.files.wordpress.com/2011/05/anteprojeto-de-lei-brasileiro- sobre-protecao-de-dados-pessoais.pdf>. 17.- Renato Leite Monteiro & Cédric Laurant, “New Brazilian Data Protection Bill Adopts Data Breach Notification Regime”, Information Security Breaches & The Law Blog, May 9, 2011 <http://blog.security-breaches.com/2011/05/09/ new_brazilian_data_protection_bill_adopts_data_breach_notification_regime/>. 18. Renato Leite Monteiro , “Comentários ao Anteprojeto de Lei Brasileiro sobre Proteção de Dados Pessoais”, Information Security Breaches & The Law Blog, May 1, 2011 <http://blog.security-breaches.com/2011/05/01/comentarios-ao- anteprojeto-de-lei-brasileiro-sobre-protecao-de-dados-pessoais/>. 91 New Data Protection Laws and Case Law Trends in Central & South America
  • 92. References (Brazil) 19.- “Brazil” country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https:// www.privacyinternational.org/article/phr2006-federative-republic-brazil>. 20.- Danilo Doneda, Da privacidade a proteção de dados pessoais, Ed. Renovar. Rio de Janeiro, Brasil, 2006. 21.- Stefano Rodota. A vida na sociedade da vigilancia, a privacidade hoje, Ed. Renovar, trad. Maria Celina Bodin de Moraes, Rio de Janeiro, 2008. 22.- Temis Limberger. O direito a intimidade na era da informática. Ed. Livraria do Avogado, Brasil, 2007. 92 New Data Protection Laws and Case Law Trends in Central & South America
  • 93. References (Colombia) 1.- Informe de conciliación al Proyecto de Ley Número 046 de 2010 Cámara, 184 de 2010 Senado (upcoming Colombian data protection law) <http:// www.habeasdata.org.co/wp-content/uploads/2010/12/Informe- Conciliación1.pdf>. 2.- Fernando Triana and Carolina Díaz (Triana, Uribe & Michelsen), “Data Protection: Colombia”, April 1, 2010 <http://ipandit.practicallaw.com/ 7-502-5167?source=relatedcontent>. 3.- Observatorio de la protección de datos personales en Colombia <http:// www.habeasdata.org.co/>. 4.- Nelson Remolina-Angarita, “¿Tiene Colombia un nivel adecuado de protección de datos personales a la luz del estándar europeo?, 16 International Law, Revista Colombiana de Derecho Internacional, 489-524 (2010) <http:// www.habeasdata.org.co/wp-content/uploads/2010/08/colombia-y-nivel- adecuado-de-proteccion-de-datos-nelson-remolina-il-julio-de-2010.pdf>. 5.- Nelson Remolina-Angarita, “Propuestas para mejorar y aprobar el proyecto de ley estatutaria sobre el derecho fundamental del habeas data y la protección de los datos personales”, Documento GECTI No 11, Noviembre 24 de 2010 <http://www.habeasdata.org.co/wp-content/uploads/2010/12/documento- gecti-11-de-2010.pdf>. 93 New Data Protection Laws and Case Law Trends in Central & South America
  • 94. References (Colombia) 6.- Cédric Laurant, Summer course of continuing legal education: “Data Protection & Privacy around the World”, School of Law, Universidad de los Andes (Bogota, Colombia – June 17 - July 7, 2008). 7.- Spanish Data Protection Agency, “Report on International Data Transfers – Ex Officio Sectorial Inspection of Spain-Colombia at Call Centres”, July 2007 <http://www.agpd.es/portalwebAGPD/jornadas/ transferencias_internacionales_datos/common/pdfs/ report_Inter_data_transfers_colombia_en.pdf>. 8.- “Colombia” country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https://www.privacyinternational.org/article/phr2006-colombia>.  94 New Data Protection Laws and Case Law Trends in Central & South America
  • 95. References (Costa Rica) 1.- Personal Data Protection Law No. 8968 of Sept. 7, 2011 (Ley de “Protección de la Persona frente al tratamiento de sus datos personales”) <http://www.pgr.go.cr/scij/Busqueda/Normativa/Normas/nrm_repartidor.asp? param1=NRTC&nValor1=1&nValor2=70975&nValor3=85989&strTipM=TC>. 2.- “Protection of the Person in the Processing of His Personal Data” (Data protection bill, “Ley de protección de la persona frente al tratamiento de sus datos personales”) <http://www.elderechoinformatico.com/index.php? option=com_content&view=article&id=508:ley-proteccion-de-datos- personales-costa-rica&catid=1:datos-personales&Itemid=54>. 3.- Roberto Lemaitre, “Proyecto de Ley - Expte. 16.679 “Protección de la Persona frente al tratamiento de Datos Personales”, 11 de Junio de 2011 <http://www.elderechoinformatico.com/index.php? option=com_content&view=article&id=583:proyecto-de-ley- expediente-16679-proteccion-de-la-persona-frente-al-tratamiento-datos- personales&catid=118:elderechoinformatico-costa-rica&Itemid=122>. 4.- Costa Rica country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https://www.privacyinternational.org/article/phr2006-costa-rica>. 95 New Data Protection Laws and Case Law Trends in Central & South America
  • 96. References (Peru) 1.- Ley de Protección de Datos personales, 3 de julio de 2011 <http:// securitybreaches.files.wordpress.com/2011/07/110703-ley_peruana-pdp- no29733.pdf>. 2.- Department of Commerce, English translation of Peru’s Law for Personal Data Protection (Ley de Protección de Datos Personales) <http:// www.huntonprivacyblog.com/uploads/file/Peru%20Data%20Protection%20Law %20July%2028_EN%20_2_.pdf>. 3.- Iriarte & Asociados, Handbook IA N° 6 - Protección de Datos Personales- Entidades Privadas, v. 1.0, julio de 2011 <http://www.iriartelaw.com/apc-aa- iriartelaw/img_upload/80fbc41a7158c9c9b59314f28f167fb1/ Handbook_IA_N__6_ley_de_Protecci_n_de_Datos_Personales.pdf>. 4.- Carlos Ferreyros Soto, “Los desafios digitales del Ministerio de Justicia: El Sistema Peruano de Información Judicial, SPIJ y la Ley de Datos Personales”, 30 June 2011, <http://derecho-ntic.blogspot.com/2011/06/los-desafios-digitales-del- ministerio.html>. 5.- José Miguel Silva, “Ley de protección de datos personales: Todo lo que usted debe saber”, LaRepublica.pe, 23 June 2011 <http://www.larepublica.pe/ 23-06-2011/ley-de-proteccion-de-datos-personales-todo-lo-que-usted-debe- saber>. 96 New Data Protection Laws and Case Law Trends in Central & South America
  • 97. References (Peru) 6.- Cédric Laurant, “Perspectivas europeas sobre la protección de los consumidores y usuarios peruanos del Internet. Interpretando el nuevo Código peruano de Protección y Defensa del Consumidor (Ley No. 29571)” (Conferencia internacional: “Implicancias del Nuevo Codigo de Proteccion y Defense del Consumidor: Nuevos Retos”), Asociación Nacional de Defensa del Consumidor, Universidad Nacional Jorge Basadre Grohmann, Tacna, Peru – December 21, 2010) <http://www.slideshare.net/cedriclaurant/perspectivas-europeas-sobre-la- proteccin-de-los-consumidores-y-usuarios-peruanos-del-internetinterpretando-el- nuevo-cdigo-peruano-de-protecciny-defensa-del-consumidor-ley-no-29571>. 7.- “Peru” country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https://www.privacyinternational.org/article/phr2006-republic-peru>.  97 New Data Protection Laws and Case Law Trends in Central & South America
  • 98. References (Uruguay) 1.- The Uruguayan laws can be consulted at <http://www.parlamento.gub.uy>. 2.- Text of the Uruguayan decrees can be consulted at <http:// www.presidencia.gub.uy>. 3.- Ana Brian Nougreres, “El sistema legal uruguayo en protección de datos personales y acceso a la información pública,” Universidad de Los Andes, Bogotá, Colombia, 2010. 4.- Opinion 6/2010 on the level of protection of personal data in the Eastern Republic of Uruguay, adopted October 12, 2010, 0475/10/EN WP 117 <http:// ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp177_en.pdf>. 5.- Ana Brian Nougreres. Taller sobre Protección de Datos Personales, Colegio de Abogados del Uruguay, Montevideo, 2010. 6.- Augusto Duran Martinez, Derecho a la Protección de Datos personales y al acceso a la información pública, Ed. Amalio Fernández, Montevideo, Uruguay,, 2009. 98 New Data Protection Laws and Case Law Trends in Central & South America
  • 99. References (Uruguay) 7.- Carlos E. Delpiazzo, Protección de datos en Uruguay y el Mercosur, Fundación de Cultura Universitaria. Montevideo, Uruguay, 2005. 8.- Ana Brian Nougreres, “Integración Iberoamericana en materia de protección de Datos Personales”, Anuario de Derecho Informático, Montevideo, Uruguay, 2007. 9.- Ana Brian Nougreres. Protección de datos personales en Uruguay. Imp. Teijeiro. Montevideo, Uruguay, 2009. 10.- “Uruguay” country report in Privacy & Human Rights 2006, Electronic Privacy Information Center & Privacy International, December 18, 2007 <https:// www.privacyinternational.org/article/phr2006-republic-uruguay>. 12.- Ana Brian Nougreres, “El sistema de transporte metropolitano y la protección de datos personales de los uruguayos”, Anuario de Derecho Informatico, Instituto de Derecho Informático, Facultad de Derecho, Universidad de la República, FCU, 2007. 99 New Data Protection Laws and Case Law Trends in Central & South America
  • 100. Outline  Introduction  A. Brazil  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica  D. Key take aways (Cedric Laurant)  Q & A 100 New Data Protection Laws and Case Law Trends in Central & South America
  • 101. Key take aways •  1. Get an edge over your competitors: be transparent, explain, clarify how your company/affiliate will use individuals/customers’ personal information. •  2. Being seen as an early adopter will be good for business and reputation. •  3. Trust your consumers (trust breeds trust, in your products, services, reputation, brand). 101 New Data Protection Laws and Case Law Trends in Central & South America
  • 102. Key take aways •  4. Follow all consumer protection regulations and go beyond strict compliance. •  5. Build your company’s reputation as being fully reliable for your customers. •  6. Get advice not only from local counsel, but also from global ones. 102 New Data Protection Laws and Case Law Trends in Central & South America
  • 103. Outline  Introduction  A. Brazil  B. Uruguay & Argentina  C. Colombia, Peru, Costa Rica  D. Key take aways  Q & A 103 New Data Protection Laws and Case Law Trends in Central & South America
  • 104. Panelists: contact info Cedric Laurant, Esq., LL.M. Principal, Cedric Laurant Consulting (Belgium) http://cedriclaurant.com – Twitter: @cedric_laurant c [at] cedriclaurant [dot] com Dra. Ana Brian Nougreres Law Professor, Universidad de la República Oriental del Uruguay; Chief Consultant, Estudio Jurídico Briann & Associates (Uruguay) abrian [at] netgate [dot] com [dot] uy Renato Opice Blum CEO and Partner, Opice Blum Advogados Associados (Brazil) http://www.opiceblum.com.br – Twitter: @opiceblum renato [at] opiceblum [dot] com [dot] br 104 New Data Protection Laws and Case Law Trends in Central & South America