Publications

Technology

Spanish Data Protection Agency fines bank 6 million euros for infringement of the General Data Protection Regulation.

In an interesting resolution, dated January 13, 2021, the Spanish Data Protection Agency or AEPD fined the entity Caixabank S.A. (hereinafter CaixaBank) with 6 million euros for infringement of the General Data Protection Regulation (GDPR), in particular for accrediting the violation of Articles 6, 12, 13 and 14 of the above mentioned legal body (procedure No. PS/00477/2019).

Regarding the infringements detected by the AEPD in the contractual changes implemented by CaixaBank to adapt its privacy policies to the RGPD, the agency fined 2 million euros for minor infringements (in relation to the violation of the principle of transparency regarding the information to be provided to users) and 4 million euros for a serious infringement (given the imprecision regarding the bases of legitimacy of the processing and, also, because the presentation of consent did not comply with the applicable regulations).

The sanctioning procedure took place as a result of the fact that, in 2018, a bank user filed a complaint with the AEPD, claiming that CaixaBank imposed on him the obligation to accept the new conditions regarding the protection of personal data, and in particular, regarding the transfer of his personal data to all the companies of the entity’s group. Furthermore, it argued that in order to cancel this transfer, it had to send a letter to each of the companies in the group, which it reported as excessive.

Although this resolution is not applicable in Chile, and its legal basis is the RGPD, it is of interest to know it, because in our country there is a bill that seeks to increase the standards of protection of personal data to a level similar to the European (bulletin 11144-07); matter that is currently regulated in Law No. 19.628 of 1999, on the Protection of Private Life.

The resolution under discussion contains interesting legal grounds that may be useful when the bill is enacted. It is especially relevant with respect to valid consent, the bases of legitimacy or lawfulness of data processing and the application of fines.

Regarding this last point, the bill so far provides for the classification of infringements as minor, serious and very serious. Minor offenses would be punishable with a written warning or a fine of 1 to 100 UTM, serious offenses with a fine of 101 to 5,000 UTM and very serious offenses with a fine of 5,001 to 10,000 UTM.

It should be noted that the bill is currently being discussed in the Senate, in the first Constitutional procedure.

Should you require additional information on this matter, please contact Jorge Tisné (jtisne@jdf.cl).

Ministry of Science submits to public consultation the first National Policy on Artificial Intelligence.

On December 15, 2020, the Ministry of Science, Technology, Knowledge and Innovation opened the public consultation regarding the draft of the Artificial Intelligence Policy.

The aim of the consultation is to receive comments from both researchers and developers of artificial intelligence, as well as from citizens who are exposed to this technology on a daily basis. After this step, the first Chilean Artificial Intelligence Policy will be published, which will outline a roadmap for the responsible development and adoption of this technology in the country.

The draft includes a description of artificial intelligence and its implications for Chile, the process of creating the policy, its guiding principles and the axes on which it is built. Regarding this last point, the proposed axes are the enabling factors (technological infrastructure, development of talent and data), development and adoption, as well as ethics, legal and regulatory aspects and socio-economic impacts.

It will be possible to participate in the consultation until January 6, 2021 at 11:59 p.m.

The draft can be reviewed at https://drive.google.com/file/d/1oJBEV4Y7mIAEtjTu2nqamnHdQNgEq-si/view

You can participate in the consultation by filling out the form available in bit.ly/FormularioIArtificial

If you require additional information on this matter, you may contact Jorge Tisné (jtisne@jdf.cl).

Council for Transparency approves updated and consolidated text of its recommendations on personal data protection addressed to State Administration bodies

On December 7, 2020, Resolution No. 304 was published in the Official Gazette by which the Council for Transparency approves the “Updated and consolidated text of the recommendations of the Council for Transparency on the protection of personal data by the organs of the State Administration and replaces text that indicates” (the Recommendations).

The Recommendations are intended to guide the concrete application of the new fundamental right to the protection of personal data, in addition to providing legal criteria to the State Administration bodies in the processing of personal data carried out within the scope of their competences, in order to comply with the legal obligations they have as data controllers, in accordance with the provisions of Law No. 19,628 and other relevant regulations.

The Recommendations, by way of introduction, develop definitions (personal data, sensitive data, register or database, data controller, data processing, data processor, sources accessible to the public, out-of-date data, statistical data and data dissociation); describe the guiding principles of data processing (lawfulness, quality, duty of information, security, confidentiality and special protection of sensitive personal data); and state the rights of the holders of personal data (access to their own data, rectification or modification, cancellation or deletion and blocking of data).

Then, the Recommendations provide guidance on various matters involving the State administration bodies with respect to the personal data of their holders. In this sense, they are addressed individually:

i) Procedure and form for the exercise of rights, as well as limitations to their exercise;
ii) Specific obligations when processing the data;
iii) Special rules for the processing of sensitive personal data;
iv) Processing of personal data relating to crimes, administrative infringements or disciplinary offences;
v) Obligation to register the databases in the Registry of Personal Data Banks in charge of Public Bodies;
vi) Communication or transmission of personal data;
vii) Processing of data through a data processor;
viii) Security measures of data banks or registries;
ix) Obligations in case of data processing for surveys, market studies and opinion polls;
x) Liability for infringements and right to indemnification;
xi) Data protection officer; and
xii) Recommendations on personal data protection by design.

In case you require additional information on this matter, you may contact Jorge Tisné (jtisne@jdf.cl).

Supreme Court overrides demand for restitution of funds granted to National Doctoral Program scholar.

In an interesting resolution dated November 3, 2020, the Supreme Court (Role No. 92.008-2020), upheld the ruling of the Court of Appeals of Valdivia and accepted the Appeal for Protection filed by a scholarship holder of the National Doctoral Program against the National Agency for Research and Development (“ANID”).

The facts that motivated the action were that in 2008, CONICYT, now ANID, granted the appellant a scholarship to attend the Doctorate Program in Anthropology at the Universidad Católica del Norte. However, in ANID’s opinion, the appellant obtained the degree of Doctor after the date established by the rules and regulations (2018), so when he was in default, he decided to request the restitution of the funds granted for that purpose.

The Supreme Court, in view of the purpose of the scholarship granted and pursuant to Section 2 of Law No. 20.905 (as amended by Law No. 21.006), declared that the appellant had obtained the degree of Doctor less than one month later than the date established by the applicable rules and regulations.

In this regard, the Court held that “without a doubt, the appellant fully complied with the obligation imposed by the respondent when it decided to finance his studies at the Universidad Católica del Norte, since, as is clear from the respective Rules of Procedure, the purpose of the competition in question was to pay for ‘studies leading to a Doctorate in Chilean Universities,’ which is precisely what the appellant did” (Recital Seven).

Consequently, the demand for the restitution of all the money was arbitrary, and therefore, violated the fundamental guarantees of equality before the law and the appellant’s right to property.

The sentence was agreed upon with two dissenting votes, which were to revoke the sentence that had been raised and to dismiss the attempted Appeal for Protection. This was based on the fact that the facts that were the object of the action were not undisputed and because the contested act was in accordance with the law (restitution of the amounts paid) since the degree was obtained after the date established by the applicable regulations.

In case you require additional information on this matter, you may contact Jorge Tisné (jtisne@jdf.cl).

Santiago Court of Appeals pronounces itself on the “Right to Oblivion”.

On October 27, 2020, the Court of Appeals of Santiago (Role No. 16.010-2020), rejected the Appeal for Protection filed against the search engines Google, Bing, Yahoo and the encyclopedic web Wikipedia (the respondents).

The facts that motivated the appeal were that the appellant had been denounced in a newspaper report as the alleged author of illegal conduct of a sexual nature, by virtue of which the Public Ministry initiated an investigation, concluding with the definitive dismissal of the appellant.

In this regard, the complainant pointed out that the information published by the defendants in connection with the investigation constituted an arbitrary and illegal act, since it violated his rights to psychological integrity and privacy. He based his claim on the protection of the “right to forget”, linking it to the right to cancel personal data under Law 19.628 on the protection of private life.

The Court of Appeals of Santiago described the “right to forget” as the aspiration of a person to the elimination of information that causes him harm and that is contained in computer systems connected to the world information network.

Likewise, the Court indicated that such right is not established in the Chilean legislation and that search engines are not responsible for the data created by users, but that their function is limited to indexing the information, which is created by third parties under the protection of the freedom to express an opinion and to provide information.

Finally, he ruled out the violation of fundamental guarantees because the information indexed was true and current (not outdated).

It is worth mentioning that the case is not firm and enforceable, and the appellant may infer an appeal to the Supreme Court.

In case you require additional information on this matter, you may contact Jorge Tisné (jtisne@jdf.cl).

Ministry of Science, Technology, Knowledge and Innovation approves “National Policy on Science, Technology, Knowledge and Innovation.

On October 27, 20202, Decree No. 4 of the Ministry of Science, Technology, Knowledge and Innovation (hereinafter the “Policy”) was published in the Official Gazette.

The Policy assumes Science, Technology, Knowledge and Innovation as key transforming agents to achieve a sustainable and integral development, which contributes to trace its own path to improve the quality of life of people and develop the territories.

The policy is defined on the basis of the following guiding principles (i) Excellence and adaptability; (ii) Partnership; (iii) Openness and transparency to promote an accessible and global information ecosystem; (vi) Diversity; (vii) Ethical commitment.

The Policy defines four main lines of action aimed at establishing links with society, action for the future, strengthening the ecosystem of science, technology, knowledge and innovation, and finally, institutional capacities.

The complete Decree is available at https://www.diariooficial.interior.gob.cl/publicaciones/2020/10/27/42790/01/1835789.pdf

In case you require additional information on this matter, you can contact Jorge Tisné (jtisne@jdf.cl).

Ministry of Economy submits to citizen consultation “Regulation of Electronic Commerce”.

Article 30 of Law No. 19.496, which establishes Rules on the Protection of Consumer Rights, provides that when products or services are offered on Internet sites (e-commerce), suppliers must offer their essential characteristics and services, and must comply with the conditions determined by a Regulation, which is still pending.

In order to ensure that consumers make duly informed decisions, strengthening their right to free choice, the Ministry of Economy has made available to the public the draft “Electronic Commerce Regulations”. In this way, comments and opinions are sought to improve the preliminary text of the project.

The project establishes minimum information duties for the different actors in electronic commerce, whether they are sellers or intermediaries (marketplace), in order to guarantee compliance with consumer rights.

The consultation began on October 5, 2020 and will end on October 27.

The minutes of the consultation and the proposal for a regulation are available at https://www.economia.gob.cl/2020/10/05/consulta-ciudadana-reglamento-de-comercio-electronico.htm

In case you require additional information on this matter, you can contact Jorge Tisné (jtisne@jdf.cl)