• Companies in Latin American countries want consistency in nations’ data laws • European Union officials recently explained new data protections at a conference in Chile
Regulators and companies across Latin America are pushing for governments to adopt a regional approach to personal data protection, emulating the EU’s new general data protection regulation.
The region took its first steps toward regional regulation after the ten-member countries of the Ibero-American Data Protection Network—including Argentina, Chile, Colombia, Mexico, Peru, Portugal Spain and Uruguay—adopted new data protection standards.
The Ibero-American Standards on Data Protection, loosely based on the General Data Protection Regulation, aimed to form consensus among countries in the region, said Luis Parra, head of data protection at Mexico’s data protection and transparency agency Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), at a May 25 seminar in Santiago, Chile.
The event was among three organized by the European Union to mark the birth of GDPR. Others were held in New Delhi and New York.
Bruno Gencarelli, the European Commission’s head of international data flows and data protection, said the EU welcomes such attempts at emulation so that the world advances toward a global system of data regulation.
“We are not looking for carbon copies, but it helps to have compatible legislation,” Gencarelli said.
It comes amid growing divergence among the world’s largest economic powers on how personal data should regulated.
“We are not all going in the same direction,” Mario Cimoli, deputy executive secretary of the United Nations’ Santiago-based Economic Commission for Latin America and the Caribbean, told Bloomberg Law.
Privacy advocates celebrated the adoption of tough data protection rules in Europe. But there are doubts about how far the region should go in emulating the European model.
The European rules are “an example to follow but it is extremely important that we are rigorous in adjusting it to the local realities,” Catherine Tornel, head of capital markets at Chile’s Finance Ministry, told Bloomberg Law.
A major concern is that the adoption of tougher standards could hinder economic development.
Tornel noted that Chile’s new government supports an initiative in Congress to modernize the country’s privacy laws and create a Spanish-style data protection agency. The initiative “achieves a good balance between protecting individuals’ fundamental rights and providing a legal base which allows the development of the legal economy,” he said.
Senator Felipe Harboe, a privacy advocate in the Chilean Congress, noted that the legislation is less “audacious” than the European GDPR, relying more heavily on self-regulation and companies’ voluntary adoption of best practices.
Chile, which was one of the first Latin American countries to introduce protection for personal data when it introduced the law almost 20 years ago, hopes to position itself as a leading country for innovation and financial services in the region.
Chilean companies are already worried that the tighter data regulations in the works could cost them business. Forcing customers to explicitly opt in to receive information from companies could mean they possibly miss out on offers and discounts that could interest them, said Cristian García Huidobro, secretary general of the Santiago Chamber of Commerce.
But analysts see tighter regulations of personal data in the region as inevitable, and the biggest concern among global companies is whether rules are consistent in countries where they operate.
Asier Crespo, Microsoft’s legal director for Spain and Portugal, said the company extends the same individual rights to all its customers regardless of country.
“All moves toward standardization of the rules between countries is positive,” Crespo told Bloomberg Law.
Standardized rules will also help customers, Fernando Saiz, head of regulation, strategy and corporate affairs at Telefonica Chile, told Bloomberg Law.
“How can we ask a Chilean developer to make his app comply with 125 different standards?” Saiz said.
To contact the editor responsible for this story: David Mark email@example.com