The Inter-American Juridical Committee adopts report on personal data protection by consensus

This report was written in response to a request to the CJI by the OAS General Assembly in June 2014, when, in resolution AG/RES. 2811 [XLIII-O/13], it instructed the Inter-American Juridical Committee to prepare proposals for the Committee on Juridical and Political Affairs on the different ways in which the protection of personal data can be regulated, including a draft model law on personal data protection, taking into account international standards in that area.

The report adopted by the CJI and presented to the OAS Permanent Council on March 31, 2015, is the product of consultation with experts and others involved in formulating principles and practices in this field, including some working in a European Union context and with other regional groups, as well as with representatives of governmental, academic, business, and nongovernmental institutions.

Mindful that personal privacy and data protection continues to be a field subject to rapid technological advances and constantly evolving threats to privacy; and bearing in mind the different approaches adopted in different parts of the world in response to those changes and threats, and the apparent lack in our region of a uniform and coherent approach, the CJI considered that its most important contribution to the consolidation of a uniform legal framework was to tap the experience and achievements of the Americas and other regions and come up with a proposed framework that the States of the Americas might apply.

Based on a number of consultations, the Rapporteur concluded that the CJI’s most productive option would be to prepare proposed legislative guidelines for the member states based on 12 principles previously espoused by the Committee (CJI/RES. 186 (LXXX-O/12)), with a few minor amendments, rather than an agreement on the exact details of the wording of a specific law. In this endeavor, the Committee benefited from some of the directives prepared by such organizations as the European Union, the OECD, and APEC, as well as from best practices and experiences in this field.

The CJI is the advisory body on juridical matters of the Organization of American States. Its principal function is to promote the progressive development and the codification of international law; to study juridical problems related to the integration of the developing countries of the Hemisphere; and to foster the attainment of uniformity in the legislation of the member states.

» Document CJI doc. 474 15 rev. 2

» For additional information about Personal Data Protection, please visit our Website (only Spanish)

Implementation of the National Do Not Call Registry in Argentina

On December 17, 2014, the Argentine Executive Branch issued Decree No. 2501/2014 (hereinafter, the “Decree”) regulating Law No. 26.951 (hereinafter the “Law”) which created the National Do Not Call Registry.

The Law allows any individual or legal entity, owner or authorized users of telecommunication services of any kind, to register their telephone numbers with the National Do Not Call Registry at no cost to block telephone calls from companies advertising, offering, selling and giving unsolicited goods or services.

The Decree extends the application of the Law to those companies hiring marketing campaigns conducted abroad but addressed to the Argentine market. It also states that the Law is binding not only for those companies that contact individuals or legal entities directly by their own but also to those that do it through third parties, notwithstanding, in this last case, of the liability of the contractor or direct beneficiary of the call or the joint liability established in section 11 par. 4) of Law No. 25,326 if applicable. Companies performing advertising campaigns falling under the Law must check the latest updated version of the list of individuals or legal entities registered with the National Do Not Call Registry prior to launching each promotional campaign and, at least, with a periodicity of 30 calendar days from the last consult of the National Do Not Call Registry.

Moreover, the Decree states that companies must respect and comply with the right to individuals’ blocking by having a list of those persons (individuals or legal entities) that do not wish to be contacted. The Decree provides that companies must always call from a visible number for caller ID and also regulates the procedures for individuals to file complaints. On January 16, 2015, the National Personal Data Protection Authority (hereinafter, the “DPA”) issued Regulation No. 3/2015 (hereinafter, the “Regulation”), implementing the registration and cancellation procedure with the National Do Not Call Registry for consumers or authorized users of mobile services, as well as the procedure companies must follow to access and check the list of registered people with the National Do Not Call Registry.

It is important to mention that the Law expressly excludes from its scope the following: (i) public welfare campaigns, (ii) emergency calls to secure people’s health and safety, (iii) election campaigns, (iv) calls from providers or suppliers under existing contracts in force provided that they refer to the specific purpose of the contract and are made at reasonable time and manner according to regulations and (v) calls from those who were expressly authorized to do so by owners or authorized users of telecommunication services of any kind registered in the National Do Not Call Registry. The National Do Not Call Registry is operating since January 16th, 2015 and the DPA is taking an active role in monitoring the compliance of the Law. This article contains general information and does not constitute a legal opinion.

Pablo Palazzi – Marco Rizzo Jurado – Lucila Gonzales Breard

Source: Allende & Brea

 

Data Protection courses in Latin America (Colombia, Argentina and Chile)

Teaching data protection courses in Law School is a growing trend in Latin America.

Prof. Nelson Remolina from Universidad de los Andes has organized a data protection course for the last 3 years.

In Chile there is a seminar taking place on April 22 and 23 in the School of Law of University of Chile, in Santiago (Chile).

seminario

This year I will be teaching for the first time a data protection seminar in San Andres University. It is an six week course designed to cover the general principles of privacy and data protection plus some special sectors like telecom, internet, credit reporting and marketing. The course is part of a Program on Law and Techonology  (see our blog here) that we are unveiling this year in the School of Law of San Andres University and that will cover also other courses.

Enforcement of the do-not-call list in Argentina

The Data Protection Agency of Argentina (in charge of the Do Not Call Registry) has started to send Enforcement Notices (see below) to several companies for non compliance with the national do not call registry law.

The note is based on complaints filed by numerous users who has been receiving telephone calls from companies, even if they are clients (the law is very strict, it allows only contacting a current client but not for new products or offers). The companies will have ten days to answer this first notice and provide an explanation.

 

SCAN0014 ok

New book about Asian Data Privacy Laws

Book Review: Graham Greenleaf, Asian Data Privacy Laws. Trade & Human Rights Perspectives, Oxford University Press, 2014, 579 pp.

Comment by Pablo A. Palazzi (Prof. Univ. of San Andres)

After receiving my copy of Asian Data Privacy Laws which explores the development of data protection and privacy laws in Asia, I was fascinated to discover how fast the idea of legislating data privacy has expanded in the region.

The author of this book is Graham Greenleaf, a Professor of Law at the University of New South Wales. He is also the co-director of the Australasian Legal Information Institute (shortened as AustLII). The author has been researching the topic of his book for a long time (you can see several articles at his SSRN web page).

Graham Greenleaf’s well-researched book explores in detail the issue of privacy and data protection in several Asian nations. The book is divided into several parts:

  • Part I, covering the context and history of Data Privacy laws in Asia, including a complete overview of international structures affecting Data Privacy and an introduction to the standards that the author uses to compare each country legal regime;
  • Part II, analyzing all countries of Asia in twelve chapters and in detail several countries;
  • Part III, covering a comparison of current principles of data protection available in the region and commenting on future prospects for Asia.

Continue reading New book about Asian Data Privacy Laws

Human Rights Council creates Special Rapporteur on Privacy

Today the UN Human Rights Council adopted by consensus a resolution that establishes a UN Special Rapporteur on the right to privacy. We couldn’t write to you earlier as negotiations have been ongoing till now and we did not know the timing or outcome.

This is a great achievement and I would like to thank all of you for your support. I know that the proponents of the text (Brazil and Germany in particular) were very grateful by the widespread support to this initiative from civil society around the world.

The Special Rapporteur will provide much-needed leadership and guidance on developing an understanding of the scope and content on the right to privacy, as well as strengthening the monitoring of states and companies’ compliance with their responsibility to respect and protect the right to privacy in their laws, policies and practices.

Link to PI’s press release welcoming this development:https://www.privacyinternational.org/?q=node/549

The following were the original co-sponsors of the resolution: Angola, Argentina, Austria, Belgium,Bosnia and Herzegovina, Brazil, Bulgaria, Croatia, Cyprus, Chile, Denmark, Djibouti, El Salvador, Georgia, Germany, Greece, Haiti, Honduras, Hungary, Iceland, Indonesia, Ireland, Italy, Liechtenstein, Luxembourg, Mexico, Montenegro, Netherlands, Nicaragua, Norway, Panama, Paraguay, Peru, Poland, Portugal, Serbia, Slovakia, Slovenia, Spain, State of Palestine, Switzerland, Tajikistan, Timor-Leste, Uganda, Uruguay, Zambia.

Peru – education by the DPA of Peru

The data protection agency of Peru has started an informative campaign, similar to the ones already done by Argentina or Uruguay. The dpa of Peru has also created two videos available on Youtube, one for kids and another one explaining the functions of the dpa.

I think education campaigns are very important in Latin America, specially in children so they became aware of their rights and the consequences of the sometime incorrect use of new technologies.