Financial Crime World

Chile’s Data Protection Regulations: A Summary

Definition of Personal Data and Sensitive Data

Personal data in Chile is defined as any information concerning identified or identifiable natural persons. Sensitive data are broadly defined to include personal habits, racial origin, ideologies or political opinions, religious beliefs or convictions, physical or mental health conditions, and sexual life.

Controller and Data Processing

The Controller, also known as the “private individual or legal entity responsible for decisions related to the processing of personal data,” is accountable for ensuring the lawful collection, storage, recording, organization, elaboration, selection, extraction, confrontation, interconnection, dissociation, communication, assignment, transfer, transmission, or cancellation of personal data.

Authority and Registration

There is no specific authority dedicated to overseeing data protection in Chile. However, the Transparency Council ensures compliance with data protection laws by state administration organs. Public databases must be registered in the Civil Registry and Identification Service, but private databases are exempt from registration requirements.

Data Protection Officers and Collection/Processing

The PDPL does not require the appointment of a Data Protection Officer (DPO). Personal data can be processed with informed, prior, and written consent given by the data subject or if authorized by legal provisions. Processing is also permitted for financial, banking, or commercial purposes when personal data comes from publicly accessible sources.

Transfer and Security

The transfer of personal data is considered a processing activity, subject to the same rules as collection and processing. The PDPL does not establish specific measures for the security of processed personal data; however, controllers are liable in case of damages and required to take care of the data with due diligence.

Enforcement and Electronic Marketing

Data protection violations must be challenged through Constitutional Protective Action or ordinary civil courts. Private entities can create databases for marketing purposes, provided that requirements for collection and processing have been fulfilled.

Key Takeaways

  • Chile’s data protection regulations focus on protecting personal data from unauthorized use.
  • There is no specific law governing online privacy or cookies in Chile.
  • The Transparency Council ensures compliance with data protection laws by state administration organs.
  • Public databases must be registered, but private databases are exempt.
  • Data Protection Officers (DPOs) are not required under the PDPL.