In addition to the bill, the Data Protection Agency was created, a decentralized body whose objective will be to ensure the effective protection of the rights that guarantee the private life of people and their personal data, in accordance with the provisions of this law. , and monitor compliance with its provisions.
During the day of Monday, May 8, 2023, the Chamber of Deputies sent to the Senate with changes the bill that regulates the protection and processing of personal data, and also managed the creation of the Personal Data Protection Agency.
The project was presented before the Constitution and Finance commissions, by deputies Leonardo Soto (PS) and Miguel Mellado (RN) and seeks to establish a stricter regulation of the obligations, duties and responsibilities of people who process personal data regarding of the current regulation.
The proposed law seeks to ensure that the processing is carried out with the consent of the data owner or in cases where the law authorizes it, ensuring that standards of quality, information, transparency and security are ensured.
For its part, the Personal Data Protection Agency seeks to be a decentralized body that will aim to ensure the effective protection of the rights that guarantee the private life of people and their personal data.
Regarding the rights of individuals, the proposal defines that “every person has the right of access, rectification, deletion, opposition, portability and blocking of their personal data”, since, “such rights are personal, non-transferable and inalienable and cannot be waived.” They may be limited by any act or convention.”
The initiative contemplates, among other aspects:
It provides the country with modern and flexible legislation in the processing of personal data, in line with the international commitments acquired with the country’s incorporation into the OECD.
Improve legal standards, the country will have adequate levels of protection and security in data processing, promoting the development of the digital economy and favoring the expansion of the global services market.
It reinforces the rights of people in relation to the processing of their personal data (the so-called “ARCO rights”), and introduces new rights linked to the digital society, such as the right to the portability of personal data and the right to object to evaluations. automated personal data (called “profiling”).
ARCO rights have been understood as:
Right of access or information: You can request information about your data, such as the purpose of its storage.
Right to rectification or modification, with which you can request that your data be modified when it is erroneous, inaccurate, equivocal or incomplete.
Right of cancellation or deletion, to delete your data under certain causes, even if you have provided it voluntarily or its treatment does not have a legal basis.
Right to object, to stop using your data for advertising, market research or opinion surveys.
Right to block, for the temporary suspension of a data processing operation under certain causes. This right will apply, for example, if you want your data to no longer appear in a decision of the CPLT that resolves a protection of the right of access to information.
The Bill strengthens the international transfer of data within a framework of security, protection and reciprocity.
It redefines the standards for data processing by public bodies, imposing principles, rights and obligations, and an expeditious mechanism so that people can exercise their rights and punish possible infractions.
Creates a control authority called “Personal Data Protection Agency”, directed by a collegiate body. It is a public, autonomous corporation, of a technical nature, in charge of ensuring the protection of the rights and freedoms of data owners, and of regulating and supervising the processing of these data.
It contemplates a law compliance model that incorporates a catalog of infractions and sanctions, an infraction procedure, judicial claims and a system that prevents and encourages voluntary compliance with the law.