The Personal Data Use, Legislation and Analysis in Latin America

by Digital Rights LAC on October 18, 2023

By Germán Delgado Realpe*

Latin America is experiencing a special moment on personal data use, legislation and analysis. First, by the new rules of personal data and information from countries such as Colombia, Chile and Mexico, as well as the dissatisfaction expressed by countries like Brazil and Uruguay on the United States’ electronic surveillance. Personal data handling, use, legislation and analysis are a reality that is just beginning in Latin America.

“I carry the consequences of the electronic surveillance which does nothing but create distrust” were the words of the president of Uruguay, José Mujica, at the UN General Assembly a few weeks ago. The discontent over the privacy loss due to cyber-surveillance is a reality that is affecting several Latin American countries.

At the other extreme, we have new rules to protect personal data in countries like Mexico, where the Federal Institute for Access to Public Information and Personal Data (IFAI, in Spanish) holds the control, or in Colombia with the establishment of the Delegation for Data Protection of the Superintendence of Industry and Commerce. The same happens in Chile with the so-called DICOM Act, which changes the way to access natural and legal persons’ data.

In the past two years data legislation has multiplied in the region, where an information protection culture for individuals and businesses is being consolidated, where data protection policies, notices of Privacy and sanctions are tools to protect privacy.

The greatest problem is that no many are interested in the subject. There is such a proliferation of social networks, new technologies and applications that privacy is left aside simply for the sake of being connected. While it is true that the rules in the South American countries are similar to Spanish and European standards, at the moment the legal and cultural enforcement of data protection is difficult.

Personal Data Use and Analysis

Currently, personal data is used every hour, every second, from simple fingerprint to entering a building to the easy registration to download a phone application. Having certainty of where is stored or managed the data is in many cases almost impossible. The databases define us and pave the way to a new concept known as Big Data, which begins to feed on the privacy to provide profiles, tastes and different studies based on information collection.

Personal data analysis is a necessity for many companies, but it can be collected solely with users’ consent. Our permission must be expressly granted. And the data collected can be used for detailed analysis of aspects such as where we live, where we work, what we eat, whom to vote, etc.

The information is processed and legally sold or delivered to companies, individuals or even governments. Discreetly privacy laws contribute to espionage and database control. Technically data providers get the information from public records, but also from how we expose ourselves online.

Legislation and Implementation

Personal data standards are relatively new in Latin America. The Colombia’s National Database Register will be operating soon. In Mexico, a technical mechanism to generate privacy notices has been recently enabled on the IFAI webpage. Many companies are beginning to develop and incorporate data protection policies in their processes, thus tools or software to implements the laws are becoming more common.

It is possible to find companies from different sectors that are judicious in conducting database legal control in order to avoid penalties or fines. However, there is a large percentage of companies that are not well advised, do not want to invest in data protection or do so only when there are information leaks or legal requirements that may affect their reputation.

The legislation must be accompanied by a cultural component. There is a need to educate on the importance of privacy; data protection is a fundamental right. In addition, it must be taught that there are data encryption tools for protecting information. Users must understand that no one can force us to hand over information.

Where We Are Heading?

In the “Criptopunks” prologue - last book of Julian Assange with Jacob Appelbaum, Andy Müller-Maguhn and Jérémie Zimmermann - it is made a special call to Latin America to be aware of data privacy. It is also highlighted how data encryption must become an everyday tool, as well as how important it is that the people are aware of our rights to self-determine where we want our information to be.

The countries that are already implementing personal data standards must seek a balance between information analysis, public information access and privacy. Strengthen partnerships are needed in Latin America to help protecting users’ privacy, as well as seeking opportunities to discuss over cyber-surveillance and personal information misuse.

The Heads of State have every right to demand, to countries like the U.S., the respect for the personal data of its citizens. But most important is that the citizens themselves demand the respect of their rights and the enforcement of the law. But mostly we all need to understand what it means to be under surveillance.

The future depends on the perfect balance between Internet freedom and privacy.

* Lawyer, Specialist in Computer Law and New Technologies. Auditor in Information Security, ISO 27001. Consultant on Cloud Computing and Data Protection. CEO of Cloud Security. e-mail:

[Translated by, Amalia Toledo]