Written by Charles Hamilton, Senior Associate
In 1999, Chile set a precedent in Latin America by enacting its very own Personal Data Protection Law. At the time, this was a groundbreaking step, positioning Chile as a leader in the region for safeguarding personal data. What’s remarkable is that, despite the rapid evolution of technology and the increasing significance of data in the global economy, this same law has remained unchanged for 25 years—until now.
This week marks a pivotal moment in Chile’s legal landscape. After nearly seven years of intense legislative debate and careful deliberation, the Chamber of Deputies has finally approved the final text of a new Personal Data Protection Law. This new legislation is not just a mere update; it represents a comprehensive overhaul that aligns with the growing economic importance of personal data, the latest technological advancements, and the rigorous standards set by international frameworks, particularly the European Union’s General Data Protection Regulation (GDPR).
The introduction of this law signifies Chile’s commitment to modernising its legal framework to better protect personal data in an era where information is power. With the final approval from the Constitutional Court pending and publication in the Official Gazette on the horizon, this law is set to introduce significant changes. Companies will have a 24-month window to adapt to the new regulations, which will not only transform the way personal data is handled but also establish a new regulatory institution—the Agency for the Protection of Personal Data.
Essential reforms
This law is more than just a legal update; it’s a critical step forward for Chile, ensuring that its citizens’ data rights are protected in a way that meets the demands of the modern digital age.
Among the essential points of this law, we can point out the following:
- Expanded Rights for Data Subjects: The law introduces a broader and more detailed set of rights that individuals can exercise over companies that control and process their personal data. These rights include:
- Access
- Correction
- Suppression
- Opposition
- Portability
- Blocking
- Review of automated decisions including profiling.
- New Grounds for Lawful Data Processing: While maintaining the requirement for prior, express, and informed consent, the law introduces new bases for lawful data processing, with particular emphasis on the legitimate interests of companies.
- New Agency for the Protection of Personal Data: A new autonomous entity is created, whose purpose is to ensure the effective protection of the rights that guarantee the privacy of individuals and their personal data and to supervise the provisions of the Law.
- New regime of sanctions and fines: In case of infringements to the new law, a catalogue of fines is established, which are classified as minor, serious and very serious. Infringements may range from a written warning or up to 5000 UTM (USD$350,000) in the case of minor infringements. This will increase up to 10,000 UTM (USD$700,000 approx.) in the case of serious infringements, and up to 20,000 UTM (USD$1,400,000 approx.) in the case of the most serious infringements.
What is the timeline for compliance?
Companies will have 24 months to comply with the regulation, which presents major challenges and requirements, including the following:
- Conducting audits of processes involving personal data.
- Determine the level of compliance and exposure to regulatory risks.
- Identifying databases and determining the legal bases for their processing.
This new legislation will position Chile as a secure jurisdiction for the international transfer of personal data, aligning it with countries that have robust data protection frameworks, such as Australia, the European Union, Canada or the United Kingdom. Ultimately, Chile will have a modern law that protects individuals’ rights in line with current global standards.
Conclusion
The enactment of Chile’s new Personal Data Protection Law marks a significant milestone in the country’s legal evolution, aligning its framework with international standards and responding to the growing importance of data in the digital age. Over the next 24 months, businesses will face the challenge of adapting to these rigorous new requirements, but with this comes the opportunity to build greater trust with consumers. By establishing stronger data protection practices and a new regulatory body, Chile is not only enhancing the security of personal data but also positioning itself as a regional leader in data privacy. This law underscores the critical role that data protection plays in today’s economy and sets a new standard for how personal information is respected and secured.
Need assistance in the transition period? Get in touch with our specialist team today.
Harris Gomez Group METS Lawyers ® opened its doors in 1997 as an Australian legal and commercial firm. In 2001, we expanded our practice to the international market with the establishment of our office in Santiago, Chile. This international expansion meant that as an English speaking law firm we could provide an essential bridge for Australian companies with interests and activities in Latin America, and to provide legal advice in Chile, Peru and the rest of Latin America. In opening this office, HGG became the first Australian law firm with an office in Latin America.
As Legal and Commercial Advisors, we partner with innovative businesses in resources, technology and sustainability by providing strategy, legal and corporate services. Our goal is to see innovative businesses establish and thrive in Latin America and Australia. We are proud members of Austmine and the Australia Latin American Business Council.
