Chilean Government to Introduce Bill To Establish Data Protection Authority

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Tom Azzopardi

Dec. 11 — The Chilean government will soon introduce legislation to create an autonomous body to oversee data protection issues, Deputy Economy Minister Katia Trusich said during a Dec. 9 event.

The new law would also require companies to register with the new authority databases containing personal information.

The legislation will seek to strike the right balance between protecting personal data and allowing data to circulate, the minister said at a seminar in Santiago organized by the government and the Transparency Council, the independent agency that handles requests for information directed to the government.

“This is an urgent issue for Chile,” because the country's existing data protection laws contain serious defects that resulted in individuals' rights regularly being violated, Trusich said.

Filling the Enforcement Gap

Chile's data protection framework law, the Law on the Protection of the Private Life (Law No. 19,628), was promulgated in 1999 and is based on Spain's framework data protection statute. The statute is designed to protect individual rights regarding personal information in line with the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. But the law didn't create an agency to enforce those rights or provide for sanctions for those who violated the law.

The government established a special commission to review the law. The commission includes representatives of the government, civil society and the banking, insurance and retail industries.

The draft legislation is designed to fix the enforcement gaps in the law to bring it into line with standards promoted by the United Nations, the European Union and the Organization of Economic Cooperation and Development, Lorena Donoso, president of the Chilean Institute on Law and Technology and a professor of law at the University of Chile, told Bloomberg BNA Dec. 10.

This isn't the first time that the Chilean government has promised to introduce legislation to fill the enforcement gaps in the 1999 law.

In May 2011, the government announced data protection reforms as part of its economic growth agenda, saying that strengthening the framework statute would make the country a more attractive site for outsourcing activity, such as call centers. But no dataprotection reform legislation was introduced.


The proposed legislation would create a National Council for Data Protection as an autonomous body consisting of independent members—unaffiliated with industry and business interests—and chaired by a full-time president.

The council would promote protection and control of personnel data by individuals, issue guidelines on application of the law, regulate compliance with the law and issue sanctions for violations, such as fraudulently collecting or misusing personal data.

The new law would allow the data protection council to levy fines of up to 432 million Chilean Pesos ($700,000) for infractions.

Database Registry

Companies would have three years from the promulgation of the law to inform the data protection council of the databases they control and the kinds of personal information they contain. The information would be recorded in a National Data Protection Registry.

Individuals could apply to the data protection council to gain access to their information. Individuals would be allowed to ask a database owner to remove personal information if it is being used for purposes other than for which it was provided.

The legislation won't include credit score data, which will be covered by a separate bill being developed by the Finance Ministry, Trusich said. Credit report records are generally covered by a separate statute, which was amended in 2012 to better protect personal data.

Health records are also excluded from the proposed law.

Burdens on Businesses

The legislative proposal raised some concerns during the seminar from those concerned about additional compliance requirements for businesses.

But the final text, being worked on by the Economy Ministry, won't imply many changes from the current system, Donoso said.

Donoso represented civil society during the development of the bill.

Companies that follow international data processing standards “will practically not have to make any changes,” she said.

To contact the reporter on this story: Tom Azzopardi in Santiago at

To contact the editor responsible for this story: Donald G. Aplin at

Request Bloomberg Law: Privacy & Data Security