português brasileiro

In our country, the law that applies to per­sonal informa­tion is the pro­tec­tion of per­sonal data (Number 19,628), in force since August 1999, with changes in the years 2002 and 2011.[1]

The pro­ces­sing of per­sonal data (if any ope­ra­tion or complex of ope­ra­tions or technical pro­cedures, automated or not, that allow to collect, store, record, orga­nize, pro­cess, select, extract, compare, inter­connect, disso­ciate, com­mu­nicate, yield, transfer, transmit or cancel per­sonal data, or use them in any other form.) can only be done if the person aut­ho­rizes, prior know­ledge of the pur­pose for which the data is mai­n­tained and the pos­si­bility of making it public. Both the aut­ho­riza­tion and the revo­ca­tion of the aut­ho­riza­tion must be done in writing. No aut­ho­riza­tion is necessary if the data can be found in a public register when they are of an eco­nomic, financial, banking or commer­cial nature, they are con­tained in lists related to a category of per­sons that are limited to indica­ting informa­tion such as the individual's membership. That group, their pro­fes­sion or activity, their educa­tional quali­fica­tions, neither addresses or date of birth, or are necessary for commer­cial com­mu­nica­tions of direct response or commer­cializa­tion or direct sale of goods or services, nor is aut­ho­riza­tion required for the exclusive private use of compa­nies.

Whoever is responsible for the data pro­ces­sing (or responsible for the regi­s­t­ra­tion), can transmit the data they own to third par­ties, wit­hout the need for human interven­tion, when a) the rights of the per­sons whose informa­tion is in the data are guarded and b) the trans­mis­sion is related to the tasks and pur­poses of the partici­pa­ting orga­niza­tions. For the trans­mis­sion to be made, you must have the fol­lowing informa­tion:

a) The individualiza­tion of the requesting party;

b) The reason and pur­pose of the request (this is important for the third party, because only the informa­tion granted for the indicated reason can be used), and

c) The type of data that is trans­mitted.

The owner of the data is the one who declares the admis­si­bility of sending the data. The rule does not apply if the informa­tion is acces­sible to the public or trans­mitted to inter­na­tional orga­niza­tions in the case of trea­ties.

The data must be elimi­nated, in a secure manner, when it lacks a legal basis or has expired (mea­ning the one that has lost relevance due to the pro­vi­sion of the law, the fulfill­ment of the condi­tion or the expi­ra­tion of the period indicated for its validity. or, if there is no express norm, due to the change in the facts or cir­cum­stances that it sets forth). They have to be modi­fied if they are erroneous, inaccu­rate, equivocal or incomplete. And they have to be blo­cked (that is, the temporary sus­pen­sion of any pro­ces­sing ope­ra­tion of the stored data, which means that they cannot be ope­rated in any way) the data whose accu­racy cannot be estab­lished or whose validity is doubtful and with respect to the cancella­tion does not cor­respond. All the above must be done by the owners of the data.

People who have a job in rela­tion to per­sonal data must keep secret about these data, unless they are public know­ledge, this obliga­tion does not cease once the employ­ment rela­ti­onship ends.

The data must be used only for the pur­poses for which they were collected, unless they are obtained or come from public access sources, all informa­tion must be accu­rate and real.

Sen­si­tive data cannot be treated (these are per­sonal data that refer to the phy­sical or moral cha­racte­ristics of people or to facts or cir­cum­stances of their private life or privacy, such as per­sonal habits, racial origin, ideo­logies and political opi­nions , reli­gious beliefs or con­vic­tions, phy­sical or mental health states and sexual life.)

The owner of the per­sonal data of third par­ties must be diligent, being responsible for the damages caused by their lack of diligence.

Eve­r­yone has the right to demand informa­tion from the person responsible for their tre­at­ment, the informa­tion they have about it, its origin, its pur­pose and the orga­niza­tions or compa­nies that had access to them. Ano­ther right that people have is to request the modi­fica­tion, blo­cking or cancella­tion of the per­sonal data collected, in the cor­responding cases, being an addi­tional cause to those already indicated, the fact that they are used for commer­cial com­mu­nica­tions and do not wish to con­tinue appea­ring in the respec­tive regi­stry, whe­ther defini­tively or tempora­rily; When these modi­fica­tions or cancella­tions are made, a free copy must be given to the person with the updated informa­tion, in addi­tion to the data pro­cessor, if you sent these inaccu­rate data to third par­ties, you must notify them of its modi­fica­tion as soon as pos­sible, if you know the third par­ties, giving informa­tion to them in a per­sonal way, if they did not know them, giving public notice, this right is inali­enable for the par­ties. Likewise, people have the right to obtain a free half-yearly copy of the data that the treater has in their pos­ses­sion.

Modi­fica­tion, blo­cking or cancella­tion cannot be requested in the fol­lowing cases:

a) When this prevents or hinders the proper per­formance of the auditing func­tions of the required public body, or

b) Affect the reserva­tion or secret estab­lished in legal or regulatory pro­vi­sions, the national secu­rity or the national interest; or

c) The data stored by legal man­date, outside the cases con­tem­plated in the respec­tive law.

If the person responsible for the data does not respond to the request, within 2 days of request, or refuses for rea­sons other than national secu­rity, the person can go to the court of letters to request the modi­fica­tion. The request will be noti­fied by cedula, and the data pro­cessor has 5 days to answer and give all the evidence, if it does not have it in its power, it can request that a hea­ring be held to take the test. Sub­sequently a judg­ment will be handed down, on which recourse of appeal is made, within the period of 5 days from the noti­fica­tion, on appeal no appeal of cas­sa­tion. If accepted, a deadline for compli­ance will be given and the controller can be fined with a fine of 1 to 10 UTM, if not complied with, a fine of 2 to 50 UTM[2] will be imposed.

The responsible party shall be liable for all damages caused by the improper tre­at­ment, in addi­tion to orde­ring its modi­fica­tion, blo­cking or cancella­tion, and the judge may take the measures to pro­tect the rights, the compen­sa­tion shall be determined by the judge.[3]

[1]( online)  Library of Chilean Congress, Law 19628.

Monthly Tax Unit (UTM): Unit defined in Chile that cor­responds to an amount of money expressed in pesos and determined by law, which is updated perma­nently by the Con­sumer Price Index (CPI) and is used as a tax measure.

[3] This report was made by Álvaro Morales Cabezas, a lawyer with a degree from the Catholic Univer­sity of the Most Holy Concep­tion