AI & Data Privacy in Latin America in 2024
David Robillard
Independant Board Member | NED | Revenue Leader | Risk Advisor | Author
Technological evolution is constantly reshaping our lives. Data privacy is more important than ever with individuals and organizations emphasizing the importance of protecting personal information.
One of the main concerns for 2024 is the governance of generative Artificial Intelligence (AI). The increasing use of ChatGPT has shown that data privacy is essential for everyone, from social media and website users to businesses, app developers, regulators, among others.?
AI offers many advantages, but it can also be misused. As a result, there will be a surge in global AI legislation as countries try to adapt. Europe and the USA are creating new laws and guidelines for its ethical use. So far in Latin America, only Brazil, Chile, and Peru have specific regulations related to artificial intelligence.
Identity has become increasingly important in today’s digital environment. Background screening for job prospects rely on a digital presence. Having legal access to a person’s personal information means it must be treated with care. Organizations need to be respectful of people’s data sovereignty by treating their personal data correctly, as the law and a clear conscience demand.
Companies need sophisticated security technology to prevent cloud-based data loss which affects email, file sharing, and managed file transfer. Where technology is not updated this can become a serious issue for company success.
The countries of Latin America are continuing to work on improving data privacy laws, basing their efforts mostly on European guidelines.
ARGENTINA
While Argentina was the first in Latin America to create Data Protection laws, it has not updated them since 2000. However, there is a new Draft Law on the Protection of Personal Data waiting for approval for later this year. It is largely based on the General Data Protection Regulation (GDPR) of Europe.
The GDPR is Europe’s data privacy and security law that establishes some of the most stringent rules and highest standards around the world concerning personal data.
BRAZIL
The Brazilian government established The National Policy of Cybersecurity in December of 2023 with the aim of protecting public and private organizations from cyber incidents and attacks.
The priorities of the Brazilian Data Protection Authority or Autoridade Nacional de Prote??o de Dados for 2024 to 2025 include monitoring and orienting organizations, particularly digital platforms in the financial and telecommunications sectors, regarding data subject rights; the monitoring and protection of children and teenagers regarding their personal data on digital platforms; identifying potential risks in the use of AI; and monitoring data scrapping and data aggregation.
CHILE
On 3 January 2024 the Chilean Senate approved a Data Protection bill that aims to improve the rules relating to personal data of private persons, through the newly created Personal Data Protection Agency.
New guidelines for the use of artificial intelligence in the public sector have come into effect from January of this year published by the Ministry of Science, Technology, Knowledge, and Innovation. These include transparency and explainability, privacy and data use, among other measures.
COLOMBIA
In Colombia the Superintendent of Industry and Commerce (SIC) or Superintendencia de Industria y Comercio is the highest authority regarding personal data protection and data privacy. ?It is empowered to investigate and impose penalties on companies for the inappropriate collection, storage, usage, transfer, and elimination of personal data.
The Data Protection Law of Colombia, dating from 2012, provides the core legal framework for data protection within Colombia. The SIC previously held the presidency of the International Consumer Protection and Enforcement Network, known as ICPEN, until 2020.
COSTA RICA
There are two laws in Costa Rica that cover data privacy regulation. First, the Undisclosed Information Law which makes it a crime to disclose confidential or personal information without authorization. Second, the Protection in the Handling of the Personal Data of Individuals which regulates the activities of companies that administer databases containing personal information. Updated versions of the laws are under discussion. The new bill proposes aligning its provisions with Europe’s GDPR.
ECUADOR
On May 26, 2021, Ecuador adopted the Personal Data Protection Organic Law, based on Europe’s GDPR. Its main purpose is to guarantee the protection of personal data, including the access to information and personal data. The law mainly refers to the conditions that must be verified for the legitimate treatment of personal data. It also refers to the ways through which the owner of the personal data may express consent to the processing of personal data.
?More recently, a new law on Digital Security, Cybersecurity, Cyber-defense, and Cyber-intelligence proposes administrative and practical measures to address cybercrime, with a focus on the financial sector.
MEXICO
The Federal Law on the Protection of Personal Data held by Private Parties entered into force on July 6, 2010.
According to the National Institute of Transparency, Access to Information and Data Protection or Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) this year will be challenging, particularly as it is an electoral year. The use of technology and access to people’s personal information will be crucial in the outcome of the presidential election. AI can be used to great effect in terms of spreading disinformation, particularly as Mexico still has no legislation that specifically regulates it.
The INAI also announced that Mexico City saw a 218% increase in identity theft using AI in 2023, mostly through hacked social media information, as well as cell phone information, cloning of bank cards and forging of signatures. They expect this trend to continue in 2024.
With an increased focus on data protection globally, Mexico may see a rise in regulatory expectations and enforcement related to data privacy, which will result in comprehensive compliance strategies.
PERU
The Personal Data Protection Law (PDPL) was enforced in 2011. In 2013, the PDLP (Regulation) was updated and set forth specific rules, terms, and provisions regarding data protection. Together, the PDLP and its Regulation are the primary data protection laws in Peru.
Currently, modifications to the PDPL are being discussed to include guidelines to allow database owners to properly use personal information, particularly with respect to digital data.
Presidential elections should be held in 2026 but are likely to be brought forward to 2024, with the aim of easing political tensions and heading off deadly protests.
The National Strategy for Artificial Intelligence, known as ENIA, recognizes Peru as a Latin American leader in research, development, innovation, deployment, use, adoption of AI, and in its ethical and responsible use in the production of public and private goods and services. These efforts aim to accelerate national development and promote digital inclusion while ensuring the reduction of social gaps.
领英推荐
PANAMA
The data protection law in Panama is partially inspired by Europe’s GDPR. The Autoridad Nacional de Transparencia y Acceso a la Información, known as ANTAI, regulates the processing of personal data in the country and requires data be kept confidential, in a secure database. It also establishes best practices, recommends policies for personal data protection, and develops regulations.
This law came into effect in 2021 and requires data processors to obtain consent first, so that the individual concerned can be informed of the proposed use of personal data.
Conscious of the power of AI, in 2023 Panama initiated a process of regulation, based on transparency, responsibility, non-discrimination, privacy, security, and oversight. This is important given the upcoming Presidential elections in 2024.
URUGUAY
Uruguay has taken a lead in terms of data protection and in 2012 became only the second country after Argentina to obtain an adequacy decision from the the EU. Today, Uruguay is working closely in alignment with Europe’s GDPR.?
A 2020 decree established a list of obligations and a new law entered into force on 1 January 2023 amending the Uruguayan data protection system to include amendments including disclosure to data subjects, as well as the powers of the URCDP (the Uruguayan data protection authority).
The Digital Government Agency of Uruguay has established a strategy since 2019 to regulate the use of AI. Its main objectives include promoting and strengthening the responsible use of AI in Public Administration. Through public awareness campaigns citizens are informed about what AI is and how it is being used by the Public Administration so that they may understand their rights in the digital sphere and how to exercise them. This is particularly essential given the Presidential elections that are to be held this year.
__________________________________________________________________________
In conclusion, data privacy trends in Latin America include developments in regulation and innovation in technology, which indicate a collective commitment to fostering a digital environment that respects and protects individuals’ rights. While individuals become more empowered and organizations prioritize responsible data practices, governments are having to take steps to promise a more secure, transparent, and privacy-aware digital era in the Latin American region. However, the process has been slow in a number of countries to date and much new legislation is required to properly safeguard individuals’ data.
It is incumbent on all of us to encourage a culture of respect towards data privacy as well as a responsible and ethical use of artificial intelligence.
_________________________________________________________________________?
?
References
https://home.inai.org.mx/wp-content/documentos/SalaDePrensa/Comunicados/Comunicado%20INAI-015-24.pdf
https://www.bloomberglinea.com/english/which-latin-american-countries-lead-the-way-in-ai-regulation/
?
?
?
?
?
?
?
Consulting Expert on Background Screening and Workplace Violence Prevention
1 年David, this a great article full of valuable information. I would like to include in Featured Resources section in the next edition of The Global Background Screener with your permission. We will include a brief summary and link to the full article.