I. Legal Framework
Constitutional privacy framework
The Constitution of the Republic of Chile of 1980 recognizes the right to privacy. Article 19 secures for all persons: "Respect and protection for public and private life, the honor of an individual and his family, as well as the inviolability of the home and of all forms of private communications. The home may be invaded and private communications and documents intercepted, opened, or inspected only in cases and manners determined by law."1
Statutory rules on privacy
Chile is the first Latin American country to enact a data protection law. The Law for the Protection of Private Life came into force on October 28, 1999.2 It covers the processing and use of personal data in the public and private sectors, and the rights of individuals (of access, correction, and judicial control). The law contains a chapter dedicated to the use of financial, commercial and banking data, and specific rules addressing the use of information by government agencies. It also includes fines and damages for the unlawful denial of access and correction rights. Only databanks in the government must be registered. The law was slightly amended in 20023 and modifies the Labor Code by providing that employers cannot condition hiring an employee on the lack of personal or economic debts.4
Since the Law for the Protection of Private Life was passed in 1999, nineteen bills aimed to modify it have been presented (current to May 2007). In August 2006 the newspaper "El Mercurio" published an investigation that revealed the sale of patients' prescription information by pharmaceutical chains and laboratories. 5 As a result of this report, a group of members of the Parliament drafted a bill modifying the Law for the Protection of Private Life to remedy the situation. This bill establishes criminal sanctions for the illegitimate data processing by data controllers.6
On September 2006 another bill that modifies the Law for the Protection of Private Life was introduced. This bill aims to protect personal data belonging to public and private institutions, and penalize its processing was introduced in the Lower House (Cámara de Diputados). 7
The law has been criticized for certain ambiguities in its language, such as for the concept of "public access source" and "sensitive personal data." It has also been criticized for the weak protection measures for some categories of personal data. For example, no difference is made between "personal" and "sensitive" data, such as data revealing political opinions, religious beliefs, or health or sex life; and the law lacks control mechanisms aimed at sanctioning illegitimate data processing by data controllers.8 The EU expressed concerns about the data protection law,9 as this law does not contain restrictions for transfers of personal data to third countries, nor does it have a data protection authority.
On May 28, 1993, Law 19.223 that protects the right of privacy was enacted.10 This law, which modifies the Penal code, protects the right to privacy by sanctioning the person who, without authorization, illegally seeks to know information contained in a database or alters, destroys or discloses that information.
In August 2000, Decree No. 779 that regulates the registration of public sector-controlled databases was enacted.11 The registration is the responsibility of the Civil Registration and Identification Services.
Two pending bills aim at reforming the Penal Code with respect to cybercrimes. The first one modifies Law No. 19.223 about cybercrimes and criminalizes the improper access to information included in a database and its destruction or alteration, and damage to computer data.14 The second bill introduces new crimes, such as the falsification of electronic documents and credit cards.15 However, the Ministry of Justice recently decided not to continue with these bills and will instead focus on the redaction of a new Criminal Code that will contain new cybercrimes.16
- 1. http://www.bcn.cl/lc/cpolitica/
- 2. http://www.cpsr-peru.org/bdatos/chile/privacidad/Ley%2019.628sobreProtec...
- 3. http://www.cpsr-peru.org/bdatos/chile/privacidad/Ley%2019.812MODIFICA%20...
- 4. The only exception will be if the employee will be administering money of the company or the employer. The new law also provides that the ""right to forget"" (the duration personal data can be stored) is reduced to five years for commercial debts and to zero years if the debt has been paid.
- 5. http://www.medicosparachile.cl/mpch2/index.php?option=com_content&task=v...
- 6. Proyecto que Modifica la Ley 19.628, sobre Protección de la Vida Privada, con el fin de Resguardar en Mejor Forma los Datos de Carácter Personal y Sancionar Penalmente su Tratamiento y Cesión Indebida [Bill that modifies Law 19.628 on Protection of the Private Life with the aim to Shelter Better Personal Data and Penalize their Illegal Processing and Cession]. Bulletin 4.429-07. Passed to the Constitution Commission of the Lower House (Cámara de Diputados) on August 22, 2006. As of May 2007 there is no further development.
- 7. Proyecto que Modifica la Ley 19.628, con el Objeto de Ampliar los Mecanismos de Protección de los Datos de Carácter Personal [Bill that modifies Law 19.628 with the aim to Widen the Protection Mechanisms of Personal Data]. Bulletin 4.466-03. Enter into the Comisión de Economía, Promoción y Desarrollo [Economy, Promotion and Development Commission] of the Lower House on September 5, 2006.
- 8. Alberto Cerda, "La Autoridad de Control en la Legislación Sobre Protección De Datos Personales," tesis para optar al grado de Magister en Derecho Público, Universidad de Chile, Noviembre, 2003; Paula Jervis, Comentario Jurisprudencial: Intimidad y Tratamiento de Datos Personales en el Portal del Poder Judicial, Revista Chilena de Derecho Informático de la Universidad de Chile 1 (2002); Paula Jervis, Derechos del Titular De Datos y Habeas Data en la Ley 19.628, Revista Chilena de Derecho Informático de la Universidad de Chile 2 (2003).
- 9. http://www.direcon.cl/frame/acuerdos_internacionales/f_bilaterales.html
- 10. http://www.cpsr-peru.org/bdatos/chile/privacidad/19423
- 11. http://www.cpsr-peru.org/bdatos/chile/privacidad/
- 12. http://www.modernizacion.cl/1350/articles-126436_decreto.pdf
- 13. http://www.modernizacion.cl/1350/articles-140397_recurso_1.pdf
- 14. http://www.cpsr-peru.org/bdatos/chile/privacidad/delitosinformaticos
- 15. http://sil.congreso.cl/pags/index.html
- 16. http://www.politicacriminal.cl/n_01/pdf_01/d_1.pdf