Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By David Haskel
Colombian business interests are reacting favorably to a government proposal to make data transfers to the U.S. easier by finding its privacy laws adequate to protect personal data, privacy attorneys tell Bloomberg BNA.
The draft amendments to Colombia’s privacy rules aim for a more market-friendly approach that could ease the flow of low-level personal data to other nations and help attract investment, particularly by U.S. companies. Allowing U.S.-based multinationals to more easily move information in the global digital economy would make Colombia a stronger prospect for business investment, attorneys said.
The Industry and Trade Superintendence (ITS), the country’s privacy regulator, offered the draft proposal for public review July 18. In it, the ITS added the U.S. to the list of acceptable jurisdictions for receiving transfers of personal data from Colombia. The U.S. wasn’t included in the previous draft proposal issued in February.
Having the U.S. on a privacy adequacy list is significant because the European Union and countries that rely on privacy protection adequacy findings to allow broad data transfer approvals haven’t added the U.S. to their lists. The EU only recognizes U.S. privacy adequacy in the context of specific pacts to share airline passenger name records with law enforcement and national security officials, and to allow companies in the EU-U.S, Privacy Shield data transfer program to accept data transfers out of the bloc if they self-certify to the U.S. Department of Commerce their compliance with EU privacy principles.
The ITS added the U.S. after being pressured by industry groups, Heidy Balanta, head of the Escuela de Privacidad information technology law firm in Bogota, told Bloomberg BNA. “Corporate circles see it in a positive light and are happy with the proposed rules,” she said.
Dionisio de la Cruz, a business law senior partner with the Archila Abogados law firm in Bogota, told Bloomberg BNA that the country’s 2012 framework data protection law hews to EU standards. Putting the U.S. on the safe data destination list isn’t a full departure from European standards because it would only cover “data transmissions” of nonsensitive information among units of a company located in separate jurisdictions, or merely for storage purposes, such as in cloud computing, he said.
The more comprehensive term “data transfer” involves giving the recipient data-use rights, de la Cruz said. Data transfers would involve stricter privacy requirements, such as individual consent, he said. The distinction should facilitate business by simplifying procedures for the cross-border flow of low-sensitive data, Balanta and de la Cruz agreed.
The amended rules would allow a large measure of self-regulation. They would establish a presumption that data transfer contracts are in compliance with Colombian privacy law, with ITS notification being the only requirement before undertaking the transfer. The regulator would retain the right to verify the details of such contracts and take enforcement measures as necessary.
“Self-regulation is a healthy approach,” Balanta said. “Markets know that they cannot operate efficiently without flexible rules that allow for the free flow of information.”
Corporations, in particular large multinationals, should have no problem adapting to the planned new requirements, De la Cruz said.
The Colombian government has said it plans to approve and publish the final amendments as early as September.
To contact the reporter on this story: David Haskel in Buenos Aires at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
The proposed rules amendments are available, in Spanish, at http://src.bna.com/rBk.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)