The 1993 Constitution sets out extensive privacy, data protection and freedom of information rights.[2017] Article 2 states, "Every person has the right: V. To solicit information that one needs without disclosing the reason, and to receive that information from any public entity within the period specified by law, at a reasonable cost. Information that affects personal intimacy and that is expressly excluded by law or for reasons of national security is not subject to disclosure. Secret bank information or tax information can be accessed by judicial order, the National Prosecutor, or a Congressional investigative commission, in accordance with law and only insofar as it relates to a case under investigation. VI. To be assured that information services, whether computerized or not, public or private, do not provide information that affects personal and family intimacy. VII. To honor and good reputation, to personal and family intimacy, both as to voice and image. Every person affected by untrue or inexact statements or aggrieved by any medium of social communication has the right to free, immediate and proportional rectification, without prejudice to responsibilities imposed by law. IX. To secrecy and the inviolability of communications and private documents. Communications, telecommunications or instruments of communication, may be opened, seized, intercepted or inspected only under judicial authorization and with the protections specified by law. All matters unconnected with the fact that motivates the examination must be guarded from disclosure. Private documents obtained in violation of this precept have no legal effect. Books, ledgers, and accounting and administrative documents are subject to inspection or investigation by the competent authority in conformity with law. Actions taken in this respect may not include withdrawal or seizure, except by judicial order."
A Data Protection Bill was introduced in Parliament by the Popular Cristiano party in September 1999.[2018] The bill is based on the new Spanish Data Protection Act, the Italian Data Privacy Act, the Privacy Act of 1988 of Australia, the US Restatement of Torts and the EU Data Protection Directive. The bill proposes the creation of a Data Protection Commissioner. If approved, the bill will make Peru fully compatible with the EU Data Protection Directive legal framework. In March 2002, the Ministry of Justice published a Resolution in the Official Gazette establishing a special commission to draft a new Data Protection Bill. One year later, there has not been any progress in this issue.[2019]
In August 2001, Peru enacted a data protection law covering private credit reporting agencies called Centrales Privadas de Información de Riesgo - (CEPIRS).[2020] These private companies are in charge of collecting and processing the credit risk information of individuals and companies whose information is recorded in databases. The law regulates the incorporation of credit bureaus, qualifications for shareholders of these companies, and the sources of information they can use. Similar to Article 11 of the EU Data Protection Directive, it sets out the information that must be provided to the data subject where the data has not been obtained from him or her. In addition, the law prohibits credit bureaus from collecting (1) sensitive information; (2) data violating the confidentiality of bank or tax records; (3) inaccurate or outdated information; (4) bankruptcy records older than 5 years; (4) other debtor records 5 years after the debt was paid. It provides that credit agencies must adopt security measures and grants individuals have the following rights: (1) the right to access to information; (2) the right to modify or cancel their personal data; (3) judicial relief for non-consumers or consumer protection law. The law also creates strict liability for damages. The Government Agency for Consumer Protection (the Comisión de Protección al Consumidor del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual, or INDECOPI) is in charge of applying fines for violation of the law and issuing injunctions to correct errors.
Article 154 of the Penal Code[2021] states that "a person who violates personal or family privacy, whether by watching, listening to or recording an act, a word, a piece of writing or an image using technical instruments or processes and other means, shall be punished with imprisonment for not more than two years." Article 157 criminalizes the disclosure of sensitive data including "political and religious convictions" and other aspects of intimate life.
Article 161 of the Penal Code states "that a person who unlawfully opens a letter, document, telegram, radio telegram, telephone message or other document of a similar nature that is not addressed to him, or unlawfully takes possession of any such document even if it is open, shall be liable to imprisonment of not more than two years and to sixty to ninety days' fine." A sentence of not less than one year nor more than three years is to be given to any "person who unlawfully interferes with or listens to a telephone or similar conversation." Public servants guilty of the same crime must serve not less than three or more than five years and must be dismissed from their post. A person who unlawfully tampers with, deletes, or misdirects "the address on a letter or telegram," but does not open it, "is liable to twenty to fifty-two days' community service."
A bill was introduced by the political party Frente Independiente Moralizador (Independent Front for Moralization) on June 9, 2003. The proposal aims at modifying Article 161 of the Penal Code with the unique purpose of specifying that the e-mail is legally protected under this article. However, the protection of e-mail is already considered in the same article, when it refers to "other document of a similar nature."[2022]
In April 2002, Peru passed a new law to govern the interception of communications and private documents.[2023] Under the new law, a judicial warrant is needed to seize documents or intercept communications. The law requires telecommunications operators to provide all necessary technical assistance and facilities to carry out interceptions. The powers may be used in the investigation of crimes including kidnapping, trafficking of minors, drug trafficking, customs violations, terrorism, crimes against the humanity, and treason.
In its most recent report on Human Rights Practices, the US Department of State noted that "unlike in previous years, there were few complaints that the Government violated rights to privacy of communications." In the past there were numerous reports of abuse of surveillance authority by Peru's National Intelligence Service (Servicio de Inteligencia Nacional or SIN). The SIN conducted widespread surveillance and illegal phone tapping of government ministers and judges assigned to constitutional cases, beginning in the early 1990s. Army agents used sophisticated Israeli phone-tapping equipment to monitor telephone conversations, and copies of the conversations were delivered to Vladimiro Montesinos.[2024] The SIN maintained close ties with the US Central Intelligence Agency, including a covert assistance program to combat drug trafficking.[2025] The SIN has allegedly conducted a nationwide surveillance campaign with the sole purpose of intimidating political opposition figures. In 1990, an opposition congressman's house was blown up after he delivered a congressional report on domestic surveillance of opposition politicians, journalists, human rights workers and companies suspected of tax evasion.[2026] In August, 1997 former UN General Secretary Javier Pérez de Cuéllar filed charges against the SIN with the Peruvian Attorney General and the Inter-American Human Rights Commission for taping 1,000 conversations he made from his home telephone between October 1994 and August 1995 while he ran for President against Alberto Fujimori.[2027] President Fujimori absolved the SIN of the accusations, asserting that private individuals with commercial scanners had carried out the wiretapping.[2028] The allegations prompted the resignation of the Defense Minister and a special prosecutor was appointed to investigate the incident.[2029] The Defense Commission's three-month inquiry confirmed accusations of the widespread wiretapping but concluded that there was no evidence the intelligence services carried out the spying.[2030] A member of Congress and several journalists filed a suit on grounds that their constitutional rights had been violated (an acción de amparo), and to put an end to the tapping of their telephone calls.[2031]
In July 2000 a Computer Crimes Act was adopted and codified in Article 207(A)(B)(C) of the Penal Code.[2032] The Act prohibits unlawful access, use, interference or damage to a system, database, or network of computers. Sanctions include up to five years imprisonment.
The Organic Law of the National Identification Registry and Civil Status (1995) created an autonomous agency which may "collaborate with the exercise of the functions of pertinent political and judicial authorities in order to identify persons" but is "vigilant regarding restrictions with respect to the privacy and identity of the person" and "guarantees the privacy of data relative to the persons who are registered." The Law also requires all persons to carry a National Identity Document featuring a corresponding number, photograph and fingerprint.[2033] In January 2002, a new law creating a National Registry of Persons with Disabilities was adopted.[2034] The registry will be administered by the National Council of Integration of Persons with Disabilities (CONADIS).
Freedom of information is constitutionally protected under the right of habeas data. The first case to test the habeas data clause, which reviewed clause 7 of Article 2, was brought in the criminal court system in January 1994. The Supreme Court ruled in March 1994 that the case should not have been brought in the criminal courts, nullified all previous decisions on the case, and ordered it resubmitted to the civil court system.[2035] Several cases have allowed the courts to establish their jurisdiction over, and support for, habeas data. In 1996 the Supreme Court, citing clause 5 of Article 2 of the Constitution, ordered the Ministry of Energy and Mines to release environmental surveys of a private mining operation to the Peruvian Society of Environmental Rights.[2036] Also in 1996, the Supreme Court sided with the Civil Labor Association against the General Director of Mining and ordered the release of an environmental impact study submitted by the Southern Perú Cooper Corporation.[2037]
In May 1994, Law No. 26301 was passed in order to set temporary legal standards for the legal application of habeas data.[2038] The Law requires that all habeas data actions be notarized, although reasons for the requested action need not be given, and filed with the legal authority from which information or an action is desired. The Law sets out the time periods and procedures for taking actions under clauses 5, 6 and/or 7 of Article 2 of the Constitution. The Law was updated in June 1995 to give a right of action, provide greater access to records, and to limit its use as a means of censorship.[2039]
A Law of Transparency and Access to Public Information was adopted in August 2002 and amended in January 2003.[2040] Under the law, every person has the right to request information in any form from any government body or private entity that offers public services or executes administrative functions without having to explain why. Documentation funded by the public budget is considered public information. Public bodies must respond within seven working days which can be extended in extraordinary cases for another five days.
There are three tiers of exemptions: for national security information, the disclosure of which would cause a threat to the territorial integrity and/or survival of the democratic systems and the intelligence or counterintelligence activities of the Consejo Nacional de Inteligencia; reserved information about crimes and external relations; and confidential information relating to pre-decisional advice, commercial secrets, ongoing investigations and personal privacy. Information relating to human rights violations and the Geneva Convention of 1949 cannot be classified. The exempted information can be obtained by the courts, Congress, the General Comptroller, and the Human Rights Ombudsman in some cases.
Appeals, in some cases, may be made to a higher department. Once administrative appeals are completed, the requestor can claim access to courts under Law No. 27584,[2041] or under Law No. 26301 for the constitutional right of habeas data.[2042] In practice, the process of habeas data is faster and more effective.
The law also requires government departments to create web sites and publish information on its organization, activities, regulations, budget, salaries, costs of the acquisition of goods and services, and official activities of high-ranking officials. Detailed information on public finances has to be published every four months on the Ministry of Economic and Finance's web site.
According to the Peruvian Press Council in the fourth trimester of 2002, the Ministry of Health and the National Council of Intelligence failed to update their financial information pursuant to Urgency Decree No. 035-2001 (effective from February 2001) and the Law of Transparency and Access to the Public Information (effective from February 2003). These laws require public administration to update each quarter this information through the Internet. In addition, the Ministry of Defense, the Joint Command of the Armed Forces, the Navy Military, Air Force and the National Assembly of Directors, have never published on their Internet portals their financial information during that period.[2043]
The campaign for the law was lead by the Peruvian Press Council and others organizations such as the Instituto Prensa y Sociedad. The January amendment to the law incorporated a revised exemption for national security that was negotiated by the Press Council and the armed forces.[2044]
On June 7, 2003 a proposal of the Transparency and Access to Public Information Law to regulate the application and execution of procedures of the Transparency law was published.
Early in 2003, a few congressmen introduced several bills to regulate the Internet and information and communication technologies. One controversial proposal is Bill No.5890/2002-CR[2045] presented by Congressman Pedro Morales Mansilla on March 10, 2003. It establishes that everyone has the right, in accordance with the interpretation of constitutional mandates, to ask for, and to receive, complete, truthful, appropriate and opportune information, from all NGOs. For such effect, all NGOs have to create their web page, in which they will include a portal of transparency.
In Peru, the president has the authority - frequently exercised in the past - to suspend civil liberties in a "state of emergency." This power was used most recently on May 27, 2003, in response to widespread strikes by farmers, teachers and judiciary workers.[2046]
Peru signed the American Convention on Human Rights on July 28, 1978, and accepted the jurisdiction of the Inter-American Court of Human Rights on January 21, 1981, withdrew from the jurisdiction of the American Court of Human Rights in July 1999 and was reestablished on January 12, 2001.