Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


I. Legal Framework

Constitutional privacy framework

The Constitution of the Republic of Chile of 1980 recognizes the right to privacy. Article 19 secures for all persons: "Respect and protection for public and private life, the honor of an individual and his family, as well as the inviolability of the home and of all forms of private communications. The home may be invaded and private communications and documents intercepted, opened, or inspected only in cases and manners determined by law."1

Statutory rules on privacy

Chile is the first Latin American country to enact a data protection law. The Law for the Protection of Private Life came into force on October 28, 1999.2 It covers the processing and use of personal data in the public and private sectors, and the rights of individuals (of access, correction, and judicial control). The law contains a chapter dedicated to the use of financial, commercial and banking data, and specific rules addressing the use of information by government agencies. It also includes fines and damages for the unlawful denial of access and correction rights. Only databanks in the government must be registered. The law was slightly amended in 20023 and modifies the Labor Code by providing that employers cannot condition hiring an employee on the lack of personal or economic debts.4

Since the Law for the Protection of Private Life was passed in 1999, nineteen bills aimed to modify it have been presented (current to May 2007). In August 2006 the newspaper "El Mercurio" published an investigation that revealed the sale of patients' prescription information by pharmaceutical chains and laboratories. 5 As a result of this report, a group of members of the Parliament drafted a bill modifying the Law for the Protection of Private Life to remedy the situation. This bill establishes criminal sanctions for the illegitimate data processing by data controllers.6

On September 2006 another bill that modifies the Law for the Protection of Private Life was introduced. This bill aims to protect personal data belonging to public and private institutions, and penalize its processing was introduced in the Lower House (Cámara de Diputados). 7

The law has been criticized for certain ambiguities in its language, such as for the concept of "public access source" and "sensitive personal data." It has also been criticized for the weak protection measures for some categories of personal data. For example, no difference is made between "personal" and "sensitive" data, such as data revealing political opinions, religious beliefs, or health or sex life; and the law lacks control mechanisms aimed at sanctioning illegitimate data processing by data controllers.8 The EU expressed concerns about the data protection law,9 as this law does not contain restrictions for transfers of personal data to third countries, nor does it have a data protection authority.

On May 28, 1993, Law 19.223 that protects the right of privacy was enacted.10 This law, which modifies the Penal code, protects the right to privacy by sanctioning the person who, without authorization, illegally seeks to know information contained in a database or alters, destroys or discloses that information.

In August 2000, Decree No. 779 that regulates the registration of public sector-controlled databases was enacted.11 The registration is the responsibility of the Civil Registration and Identification Services.

In August 2006, Supreme Decree 100 established standards that State Administration Organizations' websites must follow.12 It requires that the websites ensure the availability and accessibility of information, the proper protection of the data subject's personal data and also guarantees the interoperability of the contents, functions and assistance offered. The Government also issued a Model Guide of Privacy Policy for the websites of State Organizations.13

Two pending bills aim at reforming the Penal Code with respect to cybercrimes. The first one modifies Law No. 19.223 about cybercrimes and criminalizes the improper access to information included in a database and its destruction or alteration, and damage to computer data.14 The second bill introduces new crimes, such as the falsification of electronic documents and credit cards.15 However, the Ministry of Justice recently decided not to continue with these bills and will instead focus on the redaction of a new Criminal Code that will contain new cybercrimes.16