Argentina

Argentina Subscribes to Convention 108

On February 28, the Agency of the Access of Public Information (Agencia de Acceso a la Información Pública) announced its subscription to the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convención 108) and its Additional Protocol (source documents in Spanish). The Convention 108 is the only multilateral binding instrument on data protection, which aims to protect the privacy of data owners against any misuse on data processing matters.

Brazil

Brazilian Consumer Protection Department Investigates Communications Provider's Data Privacy Breach

On February 28, the National Consumer Protection Department of the Brazilian Ministry of Justice and Public Security set up an investigation procedure against a provider of internet and mobile phone communications for allegedly using a digital tool capable of mapping users' internet browsing (source document in Portuguese). According to the Department, the provider, in conjunction with another company, allegedly violated consumer privacy by misdirecting users to an electronic address, which allegedly enabled the company to collect user navigation data.

Brazilian Government Investigates Integration of Social Media Platforms

On March 11, the Special Data Protection and Artificial Intelligence Unit of the Prosecutors' Office of the Brazilian Federal District initiated an investigation to monitor the integration of communication across social media platforms (source document in Portuguese). The investigation will determine whether the integration complies with Brazilian legislation, such as the Brazilian Federal Constitution and the Brazilian Civil Internet Framework.

Ministry of Justice Files Two Lawsuits Against Social Media Company

On March 12, the Brazilian National Consumer Protection Department of the Ministry of Justice and Public Security filed two lawsuits against a social media company and its local affiliate (source document in Portuguese). The first lawsuit involved the sharing of data from users extracted from the Facebook Login platform through an application. The second lawsuit involved the actions of hackers, who allegedly invaded accounts of Brazilian users registered in the Facebook Platform and collected personal data.

Chile

President Announces New Law to Perform Preventive Identity Control

On March 14, the Chilean pesident announced the implementation of a program that aims to modernize Chile's security services by employing security cameras and drones for crime prevention actions and their investigations (source document in Spanish). The program authorizes the police to investigate individuals older than 14 years of age.

Colombia

Superintendence Demands Social Media Company to Strengthen Security Measures

On January 28, the Colombian Superintendence of Industry and Commerce (Superintendencia de Industria y Comercio) requested that, pursuant to Resolution 1321, a social media company adopt measures that guarantee the security of Colombian users (source documents in Spanish). The communication specified that the measures must ensure compliance with Colombian regulations concerning the compromise of personal data by unauthorized or fraudulent access. At the end of this period, the company must deliver an official certificate that it implemented such improvements.

Ecuador

Public Data Authority Announces Drafting of Data Protection Law

On February 3, the National Director of the Personal Data Registry (Dirección Nacional de Registro de Datos Públicos) expressed the need for a Personal Data Protection Law for Ecuador (source document in Spanish). The current draft provides legal tools for private institutions that manage and work with databases to ensure that their personal data processing services are responsible and ethical, and it creates an information exchange between Ecuador and other countries.

Mexico

INAI Approves Annual Program for Compliance Verification

On February 7, the National Institute for Transparency, Access to Information, and Personal Data Protection ("INAI") issued the Approval of the Annual Program for Compliance Verification with Transparency Obligations by the Government Agencies in Federal Scope (Programa Anual para la Verificación del Cumplimiento de las Obligaciones en Materia de Transparencia por parte de los Sujetos Obligados del Ámbito Federal) (source document in Spanish). Among other initiatives, the program seeks to provide clarity for those involved; set the type, scope, and number of verifications that will be carried out during 2019; and publicize the schedule of actions to be developed during the verification process of 2019.

INAI Issues Tool to Document Security Measures

On February 8, the INAI issued the Breaches Evaluator (Evaluador de Vulneraciones), which can be used as a tool to register existing and missing security measures inside an organization (source documents in Spanish). The document allows users to create several evaluations or assessments of their security measures, using 142 questions based on function of the security measure and risks of infringement at each stage of the processing of personal data.

INAI Determines Attorney General's Office Breached Data Protection Law

On February 20, the INAI announced that the Attorney General's Office failed to comply with the security obligations and the principle of liability provided in the General Law on the Protection of Personal Data held by Government Agencies (Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados) (source document in Spanish). The announcement found that the office lacked a log of data processing activities or a system to ensure the safe erasure of personal data, among other violations.

INAI Requires Sanctions for Individual Responsible for Personal Data Exposure at Financial Services Company

On February 25, the INAI stated that the Internal Control Division of the National Bank for Savings and Financial Services (Banco del Ahorro Nacional y Servicios Financieros-Bansefi) must sanction the individual responsible for the exposure of users' personal data on the internet during an update of its portal (source document in Spanish). The personal data was shared by certain users without the data owner's consent.

INAI and Mexican Institute of Teleservices Agree on Actions to Ensure Data Protection in Call Centers

On March 5, the INAI and the Mexican Institute of Teleservices announced the execution of a General Collaboration Agreement (source document in Spanish). The agreement covers processing of personal data in the teleservices sector and is designed to generate best practices, implement higher standards in the protection of data privacy, promote public policies, and strengthen the fulfilment of principles and duties in the private sector.

INAI and GPEN Present Results of Evaluation of Global Organizations

On March 5, the INAI and the Global Network for Law Enforcement in Terms of Privacy (Red Global para la Aplicación de la Ley en Materia de Privacidad-GPEN) announced the results of the Privacy Sweep 2018 (Barrido de Privacidad 2018) (source document in Spanish). The study analyzed the compliance of 365 organization from 18 countries with data protection laws and regulations. Results indicate that several organizations do not have pre-established processes to address complaints and queries posed by data owners and are not equipped to handle personal data security incidents and breaches properly.

Download >> Jones Day Global Privacy & Cybersecurity Update | Vol. 22

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.