On January 3, 2024, the Senate approved, in the third constitutional procedure, the report of the Committee on the Constitution, Legislation, Justice and Rules of Procedure on the draft of the law that regulates the protection and processing of personal data and creates the Agency of Personal Data Protection, sending 24 of the modifications made by the Chamber of Deputies to a joint committee (Bulletins Nos. 11.144 and 11.092-07, recast).
The next steps will be to appoint the parliamentarians who will be members of the commission and then constitute it, so that it begins to meet.
I. Main matters to be discussed in the Joint Committee
1. Territorial scope
Article 1 bis, which provides for the extraterritorial application of the law, was rejected in a similar sense to that established by the General Regulation for the Protection of Data from the European Union.
2. Definition of Personal Data and Sensitive Personal Data Elimination of “disproportionate identification effort” rejected As a ground for exception to the classification of data as personal data (art.
2(f) and the incorporation of physical or moral characteristics was rejected, the facts or circumstances of private life or intimacy and the situation socio-economic status, as well as the elimination of personal habits in the definition of sensitive personal data (Art. 2 lit. g).
3. Rights of Personal Data Subjects
The incorporation of Article 8 bis, on the right to oppose and not to be subject to decisions based on the automated processing of data personal data. The incorporation of Article 8 ter, which regulates the right to block.
4. Obligation to appoint a representative in Chile
The incorporation of the obligation of non-legal persons was rejected. incorporated in Chile to appoint a representative domiciled in the country, with
the purpose of enabling holders to exercise their rights (art. 10).
5. Publicly accessible sources as a basis for lawfulness
The removal of publicly accessible sources as a basis for Lawfulness for the processing of personal data (Art. 13 letter a).
6. Definition of sensitive biometric data
The modification to the concept of sensitive biometric data was rejected (Art. 16 ter).
7. International transfer of personal data
Amendments to the authorization that it may grant were rejected the Data Protection Agency for international data transfer in certain circumstances and under certain warranties classified as (art. 28).
8. Minor Offences
The incorporation of a new ground of minor infringement referring to incomplete submission in the registration or certification process of the prevention of infringements (Art. 34a(f)).
9. Penalties
Amendments to eliminate amounts were rejected. minimum fines by type of penalty, as well as the incorporation of Maximum penalty amounts corresponding to 2% or 4% of annual income for sales and services and other business activities in the last calendar year, with a maximum of 10,000 UTM or 20,000 UTM, depending on the infringement serious or very serious (art. 35).
10. Processing of personal data by the National Congress, the
Judicial and public bodies endowed with constitutional autonomy Amendments aimed at removing the The supervisory and supervisory powers of the Agency for the Protection of Biological Diseases Personal Data with respect to these bodies (art. 55).
11. Competence of SERNAC
The replacement of Article 15 bis of the Law on the Protection of Persons was rejected. Consumer who determines the competence of SERNAC in the field of
Protection of consumers’ personal data.
