New Data Protection Laws and Case Law Trends in Central & South America

Cédric Laurant, Ana Brian Nougrères & Renato Opice Blum, "New Data Protection Laws and Case Law Trends in Central & South America". Presentation made at the
International Association of Privacy Professionals (IAPP)'s Privacy Academy 2011 in Dallas, TX (USA) on September 15, 2011.
Presentation also available at http://cedriclaurant.com/wp-content/uploads/2011/09/110916-new_latam_data_prot_laws_case_law_trendsfv.pdf.zip

Published in: Business, Travel, News & Politics

  1. New Data Protection Laws and Case Law Trends in Central & South America (final version). Dallas, TX (USA), September 15, 2011. Cédric Laurant, Ana Brian Nougrères, Renato Opice Blum. © 2011. Presentation available at <http://cedriclaurant.com/wp-content/uploads/2011/09/110916-new_latam_data_prot_laws_case_law_trends- fv.pdf.zip>
  2. WWW.OPICEBLUM.COM.BR. Renato Opice Blum, renato@opiceblum.com.br, @opiceblum. Attorney and economist, Digital Law coordinator of GVLaw and of the MBA on Electronic Law at Escola Paulista de Direito; Invited-Professor at USP and Mackenzie Presbyterian University; President of the Council of Information Technology and Communication of the Commerce Federation of São Paulo/SP and of the Technology Law Committee of AMCHAM; Advisor of the Committee of High Technology Crimes of Brazilian Bar Association; International Lectures: Global Privacy Summit 2010, 73rd Conference of the International Law Association; ISSA International Conference 2010; HTCIA International Conference 2010; Inter American Bar Association: Reunión del Consejo y Seminario 2010, Invited Participant at The Sedona Conference 2010 and invited lecturer at the 3rd Annual Sedona Conference 2011; Seton Hall Law – 2011 and ABA annual meeting 2011; Coordinator and co-author of the book “Manual of Electronic Law and Internet” and “Electronic Law: internet and the courts”.
  3. Dra. Ana Brian Nougreres. Legal Consultant at the Uruguayan Parliament, Senate and Chamber of Representatives and at the Uruguayan College of Attorneys. Teacher at School of Law, Legal Informatics Chair, Universidad de la República Oriental del Uruguay. Chief Consultant at Estudio Jurídico Briann and Associates. E-mail: abrian [at] netgate [dot] com [dot] uy
  4. Cédric Laurant. Principal, Cedric Laurant Consulting (Brussels). Attorney at law (Washington, DC). E-mail: c [at] cedriclaurant [dot] com. Website: http://cedriclaurant.com. Blogs: http://cedriclaurant.org, http://security-breaches.com. LinkedIn: http://www.linkedin.com/in/cedriclaurant
  5. Outline: Introduction; A. Brazil; B. Uruguay & Argentina; C. Colombia, Peru, Costa Rica; D. Key take aways; Q & A
  6. Outline: Introduction (Cedric Laurant); A. Brazil; B. Uruguay & Argentina; C. Colombia, Peru, Costa Rica; D. Key take aways; Q & A
  9. Introduction
     - Most important privacy developments in Brazil, Argentina, Uruguay, Colombia, Peru and Costa Rica.
     - Recent regulatory and case law trends that affect how you do business in Central and South America.
     - How the most recent Latin American data protection laws are likely to be implemented.
     - Q&A
  10. Outline: Introduction; A. Brazil (Renato Opice Blum); B. Uruguay & Argentina; C. Colombia, Peru, Costa Rica; D. Key take aways; Q & A
  11. Brazil
  12. The children of darkness are always faster than the children of light. Lucas chapter 16 verse 8
  13. BRAZIL – SOME CASES
     - MEDICAL CLINIC: database copy / unfair competition
     - M COMPANY: illegal video
     - BROKER COMPANY: database breach / unfair competition
     - T COMPANY: database breach
     - CHEMICAL INDUSTRY COMPANY: database breach
     - RACE DRIVER: image damage
     - BEVERAGE COMPANY: 483 confidential files
  14. PERSONAL DATA BILL OF LAW
     - Article 1. The aim of this project guarantees and protection, in the area personal information specially dignity and fundamental rights of the person, specially with regard to his/her freedom, equality and personal privacy in terms of art 5 of Federal Constitution.
     - Article 2. Everybody has the right to the protection of his/her personal data.
  15. PERSONAL DATA BILL OF LAW
     Article 35. The international transfer of personal data is only allowed to countries that provide a level of data protection comparable to the one of this law, unless the following exceptions:
     - I - when the owner has expressed his own free consent, express and informed to the transfer;
     - II - when it is necessary for the implementation of obligation under a contract of which the holder is a party;
     - III - when it is necessary to guarantee a significant public interest specified by law;
     - IV - when it is necessary for international cooperation among government agencies for intelligence and research, according to international law instruments to which Brazil is bounded;
     - V - when it is necessary to defend a right in court, if the data are transferred solely for this purpose and for the necessary period of time;
     - VI - when it is necessary to protect the life or physical safety of the owner or third party, if the holder cannot provide its consent because of physical impossibility, incapacity to act or understand.
  16. CONSTITUTION
     - Section 5.10 – Intimacy, privacy, honor and image of persons – INVIOLABLE.
     - Section 5.12 – Secrecy of correspondence and Telecom – INVIOLABLE.
     CIVIL CODE
     - Section 20 – Disclosure of writings, the transmission of the word, or publication, display or use of the image of a person.
     - Section 21 – Private life of a person – INVIOLABLE.
     EXPECTATION OF PRIVACY. SÃO PAULO STATE COURT DECISION
     - Violation of image rights, privacy, intimacy and honor by being photographed and filmed (in intimacy) on locations – Spanish beach – Injunction to terminate the exhibition of movies and photos on websites because of the presumption of lack of consent to the publication. Filling with a daily penalty payment of $ 250,000.00, to inhibit infringement of the command to abstain. The paparazzi are known for aggressively working with the capture of images, which characterizes the illegality of their activities [voyeurism]. Denying injunctive relief would reward the work of these professionals that do not require authorization for their photos and, especially, to legalize the sensationalism and scandal propagated by the media, without permission of those involved.
  17. NEWS ON THE INTERNET CAUSES HARM TO CITIZEN’S HONOR. HE WAS NOT GUILTY, BUT THERE WAS NO NEWS ABOUT THAT, ONLY ABOUT THE ONGOING LAWSUIT. JUDGE ORDERS GOOGLE TO SET UP A FILTER TO RANDOMIZE RESULTS WITH THE PLAINTIFF’S NAME, ENABLING VARIETY OF NEWS. PARANA STATE COURT 1819/2008
  18. Brazilian authority postpones to 2012 legislation that obliges tracking devices in new cars. The Brazilian National Transit Counsel has postponed to 2012 the obligation to install anti-theft devices in all the cars. According to the department, the change was made due to the complexity of the telecommunications infrastructure that may be needed to develop the Integrated System of Monitoring and Automatic Registry of Vehicles (SINRAV, in Portuguese). The installation of the tracking device is mandatory. The obligation to install this device has been postponed since 2009. The main reason is that this law is seen as harmful to the citizens’ liberty, since anyone can be monitored without consent and have their private life invaded.
  19. CONSUMER DEFENSE CODE
     - Section 43 – Database access.
     - Section 72 – Block access. Penalty – detention from six months to one year or a fine.
     PRIVACY. SANTA CATARINA STATE COURT DECISION
     - Consumer Defense Association causes damages to consumers disclosing its database to third parties. Association must include a warning about the disclosure and ask for permission.
  20. WIRETAPPING – ACT 9296/1996
     - Section 1 – Interception of telephone communications – flow of communication.
     - Section 10 – Intercept communication or break secret of Justice, without judicial authorization – confinement from two to four years and fine.
     PRIVACY. SÃO PAULO STATE COURT DECISION
     - Breach of confidentiality of correspondence, telegraphic, data and telephone communications - Nonoccurrence - Seizure of emails in possession and knowledge of the recipient by a court order - strong suspicions that the material might enlighten the criminal infraction – interpretation of art. 5, XII of the Constitution. THERE IS NO VIOLATION OF THE SECRECY OF CORRESPONDENCE.
  21. APPEAL TO THE SUPERIOR COURT OF JUSTICE BRAZIL Nº 1.193.764 - SP (2010/0084512-0). APPELLANT: I P DA S B. APPELLEE: GOOGLE BRASIL INTERNET LTDA. SUMMARY: CIVIL AND CONSUMER LAW. INTERNET. CUSTOMER RELATION. CDC (BRAZILIAN CONSUMER DEFENSE CODE). FREE SERVICE. INDIFFERENCE. CONTENT PROVIDER. PREVIOUS FISCALIZATION ON THE CONTENT OF THE USER POSTED INFORMATIONS ON THE WEBSITE. UNNECESSARY. MESSAGE WITH OFFENSIVE CONTENT. MORAL DAMAGE. INHERENT RISK TO BUSINESS. INEXISTENCE. ACKNOWLEDGMENT OF THE FORBIDDEN CONTENT. IMMEDIATE REMOVAL OF THE CONTENT. DUTY. PROVIDE MEANS FOR THE IDENTIFICATION OF EACH USER. DUTY. REGISTER THE IP NUMBER. SUFFICIENT.
  22. SUPERIOR LABOR COURT – CORPORATE EMAIL AND RECORDINGS AS VALID PROOF FOR DISMISSION. “(…) As a subscriber of the internet service provider, the company is responsible for its intern use, in accordance to laws. 8. Thus, if the employee eventually use the corporate email for personal reasons, he should be aware that the access to the content of the messages by the employer do not represent major violation of its mails, nor violation of privacy or intimacy, because we are talking about equipment and technology provided by the employer for usage to work and reach the goals of the company. 9. This way, we do not understand that it sets up no defense to the usage of evidence embodied in access to e-mail box, provided by the employer to his employees. Interlocutory appeal devoided.”
  23. SUPERIOR LABOR COURT – CORPORATE EMAIL AND RECORDINGS AS VALID PROOF FOR DISMISSION. INTERLOCUTORY APPEAL IN A REVIEW APPEAL. PAIN AND SUFFERING. GOOD CAUSE. The sentence from the lower level court registered that it does not hurt constitutional standard of financial disclosure and corporate email, especially when the employer, in advance, warns its employees about the rules for using the system and the possibility of tracking and monitoring their email. Interlocutory appeal devoided.
  24. SECURITY. Law enforcement agencies use social networks in search of incriminating data users
  25. GPS - Monitoring
  26. 3rd FEDERAL COURT – LETTERS ROGATORY?
  27. Greetings. Ambassador Roberto Campos: "Those who remain in this house have before them wonderful agenda. I wish them, as in the words of theologist Reinhold Niebuhr: "May God give the serenity to accept the things they cannot change, courage to change the things they can change and the wisdom to know the difference."
  28. Recommendations and Practices for the Safe Use of Internet to Entire Family. Link: http://www.opiceblum.com.br/download/OABMack_Safety.pdf
  29. Outline: Introduction; A. Brazil; B. Uruguay & Argentina (Ana Brian Nougreres); C. Colombia, Peru, Costa Rica; D. Key take aways; Q & A
  30. Argentina 2003. Decision 2003/490/CE, November 21, 2003. Declaration of Adequation to the levels of data protection of Directive 95/46/EC of the European Parliament and the Council.
  31. Argentina 2011
     - Transfers to other countries only permitted if the country of destination ensures an adequate level of protection.
     - Exceptions to this principle only in special cases: explicit and unambiguous consent, execution of certain contracts, safeguard of public interests or individual vital interests, information of public registers.
  32. Articles 25 and 26, Directive 95/46/CE. European Economic Space. DATA TRANSFERS. AEPD, March 31, 2011
  33. INTERNATIONAL DATA TRANSFERS WITH COUNTRIES WITH NO ADEQUATION. AEPD, March 31, 2011
  34. AEPD, March 31, 2011
  35. AEPD, March 31, 2011
  36. Uruguay - Dispositions
     - Law 18331 - August 18, 2008
     - Decree 664/2008
     - Decree 437/2009
     - Decree 414/2009
     - Law 18719 - December 27, 2010
     - Law 18778 – July 15, 2011
  37. Uruguayan Data Protection System
     - Scope of application of the legislation
     - Data protection principles
     - Rights of the data holders
     - Liability
     - Enforcement mechanisms
     - Control
     - Sanctions
  38. Scope. The regime is applied to all personal data recorded in any kind of medium that makes them likely to be processed, and any kind of subsequent use of these data within public or private domains.
  39. Principles
     - Purpose limitation principle
     - Data quality and proportionality principle
     - Principle of transparency
     - Security principle
  40. Rights of the data holders
     - Access
     - Rectification
     - Opposition
  41. International data transfers restricted:
     - Countries that provide adequate levels of protection.
     - Transfers authorized by the control authority in cases that offer contractual clauses regarding privacy, rights, freedoms of individuals and the exercise of their rights.
     - Consent, contract, public interest, individual’s vital interest, public registry.
  42. Sensitive data (9% of the data universe in Uruguay)
     - Definition as personal data revealing racial or ethnic origin, political preferences, religious or moral beliefs, trade union membership or information concerning health or sex life.
     - Explicit consent required for data processing.
     - Nobody can be compelled to provide sensitive data.
  43. Direct marketing
     - The data used for this purpose are home addresses, distribution of documents, advertising, sale or similar activities.
     - In case this data is suitable for promotional profiling, commercial or advertising purposes, it should appear in documents accessible to the public or must have been supplied or consented by the affected individual.
     - Right to access, remove and block data can be applied at any times.
  44. Automatic individual decision
     - Decisions based on the processing of data should not affect people or their performance (employment, credit, reliability, behavior, etc.).
     - The affected person has the right to obtain information from the controller, both regarding the assessment criteria and the program used for the processing.
  45. Supervisory Data Protection Authority
     - URCDP: autonomous entity with technical autonomy
     - Management: Executive Council of three members (Executive Director of AGESIC and the other two appointed by the Executive Power).
     - Assistance: Advisory Council of five members (Members appointed by Legislative and Judicial Power, Public Ministry, academy and private sector).
  46. Procedural and enforcement mechanisms
     - URCDP provides assistance, advice, regulations, registries of databases, monitors compliance with regulations, guarantees security and confidentiality of data provided, issues opinions.
     - Investigation, Inspection and Sanctions are in charge of the URCDP.
     - Habeas data action, legal quick action.
  47. Sanctions
     - Warning (83 %)
     - Fines (17 %)
     - Suspension of database.
  48. Opinion 6/2010 of the WP29 on the level of personal data protection in Uruguay, adopted October 12, 2010. CONCLUDES that Uruguay ensures an adequate level of protection within the meaning of Article 25 (6) of Directive 95/46/CE.
  49. Why data protection systems work as a win-win process
     - For the consumers, because they can control their own data and the information disseminated about them.
     - For the enterprises, because they can prevent risks of vulnerability of the information they manage from their clients.
     - For the countries, because they can attract investors, improve their positions and compliment international standards.
  50. Outline: Introduction; A. Brazil; B. Uruguay & Argentina; C. Colombia, Peru, Costa Rica (Cedric Laurant); D. Key take aways; Q & A
  51. Colombia, Peru & Costa Rica: Outline
     - 1. Colombia: case studies, problem-solving in real world situations
     - 2. Peru: overview of the data protection law
     - 3. Costa Rica: overview of the data protection law
     - See references at end of slide deck
  52. Colombia
     - 7 real cases:
     - How they might be solved with the upcoming data protection law.
     - Why are those cases relevant to you and for your job?
     - Cases range from private to public and governmental aspects of data protection, not only for private businesses but also for public/government authorities.
  53. Trust
  54. Trust
     - Case study: why do books always come wrapped in Colombian bookstores? Lack of trust towards customers? High price? Attitude towards books as sacred objects? Piracy?
     - Problem: lack of trust by businesses towards consumers.
     - Significance: lack of trust by businesses breeds lack of trust by consumers towards businesses.
     - Business context: B2C transactions between foreign companies and Colombian consumers.
     - Relevance for US/EU companies: foreign companies must be aware of, and understand, this essential feature of the commercial context in which personal information is being processed in Colombia.
  55. Trust
     - Resolution:
       - Should bookstores unwrap all books to make better sales? Will it demonstrate more trust by the shopkeeper towards its customers? Will it have a positive or negative impact on sales?
       - How is trust related to complying with new data protection legal requirements? Does it mean that for a company to be successful, it should be more transparent about how it processes its customers’ personal data?
       - How would the upcoming Colombian data protection law apply? What would have to change in current data management practices? (Take local commercial traditions and way of doing business into account.)
       - How could this have an impact on the level of enforcement of the new law?
     - Take away
  56. Trust
  57. Credit reporting system
  58. Credit reporting system
     - Case study: Colombian real estate franchise of a US company (“Century 21 Luque Medina”).
     - Problem: illustrates the current serious problem with the credit reporting system in Colombia: abusive use is detrimental to consumers, tenants and sureties; does not encourage accountability and business ethics by real estate companies.
     - Significance: lack of trust by Colombian tenants, landlords and sureties towards Colombian subsidiaries or franchises of foreign businesses.
     - Business context: B2C/B2B transactions between, on the one hand, foreign companies or Colombian subsidiaries or franchises of foreign companies, and, on the other hand, Colombian consumers.
     - Relevance for US/EU companies: negative impact on US/EU companies’ reputation.
  59. Law No. 1266 of 2008
     - The Colombian “FCRA”.
     - Applies in addition to the upcoming data protection law by focussing only on the protection of credit reports and the processing of financial personal information.
     - Lacks teeth to address international data transfer issues: scope too limited to provide enough protections for information processed by European companies’ subsidiary call centers based in Colombia.
     - No “adequate protection”. European Commission’s opinion: adequate to regulate the financial sector, but not medical, religious, ethnic, and other type of personal data.
     - Enforcement has started by supervisory authorities.
  60. Credit reporting system
     - Resolution:
       - How does the Law No. 1266 of 2008 apply to this case? Was it violated? No but did in fact unfairly treat the data subject.
       - What would have to change in current data management practices?
       - How has that law applied so far? Enforcement case by the Superintendencia de Industria y Comercio.
       - How will the upcoming data protection law have any impact? Purpose specification principle.
     - Take away:
       - Doing business in a fair way will give the advantage to foreign companies.
       - Go beyond strict compliance of the letter of the law in implementing it.
  61. Authentication for private transactions
  62. Authentication for private transactions
     - Case study: fingerprints required as means of authentication for all sorts of contracts between individuals and businesses (rental agreements, online password releases for online banking accounts, exchange of currencies, “pospago” contracts with mobile phone providers, shipment of packages abroad,…).
     - Problem: need for a reliable way to authenticate individuals; signature not sufficient for authentication purposes. Main reason: high level of fraud.
     - Significance: processing of sensitive personal information (biometrics) by businesses.
     - Business context: B2C/B2B transactions between foreign companies and Colombian customers/clients or companies.
  63. Authentication for private transactions
     - Relevance for US/EU companies: authentication procedures may prove very burdensome, bureaucratic and onerous; on the other hand, motivated by good reasons: to prevent fraud (cf. fraud statistics in Colombia) and money laundering.
     - Questions/Resolution:
       - How will the upcoming Colombian data protection law apply? (transparency, right of access, adequate security measures, …)
       - How will the new law impact those authentication practices? (proportionality and security measures)
       - How will current data management practices have to change? (more transparency, subject access and security)
     - Take away
  64. Collection of biometrics for security purposes
  65. Collection of biometrics for security purposes
     - Case study: digital biometric fingerprint scanner used as a security measure at the entrance of office buildings; required from everyone to get access to the premises.
     - Significance: higher risk of data breaches because of databases storing very sensitive personal information (biometrics) and higher risk for data subjects concerned.
     - Business context: B2C transactions between foreign companies and data subjects (Colombians or foreigners, individuals or clients).
     - Relevance for US/EU companies: higher risk for hacking and data breaches exists as sensitive personal information is being stored.
     - Problem: use of biometrics and other authentication and identification measures by private actors in a wide range of situations where collection, use and secondary use of personal information is not necessarily legitimate, transparent or proportionate (e.g., building access).
  66. Collection of biometrics for security purposes
     - Questions:
       - Why is a digital fingerprint required as opposed to a less intrusive and less risky means of access security measure? Is it proportionate?
       - What happens with this data? With whom is it shared?
       - Where is there any type of privacy policy explaining what happens with the information collected?
       - What happens if I am being denied access to the building? Where can I complain? (transparency issue)
     - Resolution:
       - How does the upcoming Colombian data protection law apply?
       - Proportionality; prior and express consent; transparency;…
       - What would have to change in current data management practices to make this processing compliant with the law?
       - What are the exemptions for law enforcement authorities?
     - Take away
  67. Phone no. and ID for every purchase
  68. Phone no. and ID for every purchase
     - Case study: Phone no. and ID no. are requested for every purchase made with an electronic means of payment. No explanation of reason why or what the information is ultimately used for; no privacy policy.
     - Significance: possibility to match all purchases made by individuals with their ID no. Link it with governmental databases? Relationships between those purchases and the stores’ discount grocery shopping cards?
     - Business context: B2C transactions between, on the one hand, foreign companies or their Colombian subsidiaries or franchises of foreign companies and, on the other, Colombian consumers.
     - Relevance for US/EU companies: Do US/EU businesses’ subsidiaries in Colombia using such information collect it legitimately and for valid reasons?
  69. Phone no. and ID for every purchase
     - Problem: low level of trust in customer-business relationships, very low level of consumer protection and customer service; presumption of bad faith.
     - Questions/Resolution:
       - How will the upcoming Colombian data protection law apply?
       - What would have to change in current data management practices?
     - Take away: more transparency required from businesses towards their customers with respect to the processing of their personal information. Consumer protection mechanisms must be established that much better ensure a higher level of consumer protection and consumer privacy.
  70. 70. RFID transportation card70 New Data Protection Laws and Case Law Trends in Central & South America
  71. 71. RFID transportation card   Case study: Medellin metro card is delivered upon identification and tracks all itineraries of travelers. Lack of information about availability of an anonymous card and its benefits (only drawbacks are mentioned to encourage adoption of individualized card).   Significance: use of customers’ personal location information by public and private entitie; is covered by the upcoming data protection law.   Business context: procurement contracts between Colombian government authorities and foreign companies.   Relevance for US/EU companies: Potential sale of data processing services to local governmental entities. Interest for foreign companies to understand how the upcoming data protection law applies to geo-location location personal information.71 New Data Protection Laws and Case Law Trends in Central & South America
  72. 72. RFID transportation card   Problem: Data protection issues: transparency, access rights, potential secondary uses of travelers’ personal information. Concerns: no privacy policy; no information about the type of information being collected by the system; about the uses of the itinerary information now and later in time; about the current or considered secondary uses; and about the possibility to ask for an anonymous card. Use of data by private and public actors.   Questions: How will the upcoming Colombian data protection law apply? What would have to change in current data management practices?   Resolution: comply in advance and better than local companies.72 New Data Protection Laws and Case Law Trends in Central & South America
  73. 73. RFID transportation card (comparison with Uruguayan case)73 New Data Protection Laws and Case Law Trends in Central & South America
  74. 74. Privacy in e-government services  General obligation of all government entities that use electronic resources to manage the information of citizens in a manner respectful to their privacy.  Decree No. 1151 of 2008 establishes general principles to follow in how online services are provided by the government.  Protection of privacy is further regulated by the Ministry of Communications’ “e- Government Policy Manual,” applicable throughout all governmental entities.74 New Data Protection Laws and Case Law Trends in Central & South America
  75. Colombia: take aways. 1. Get an edge over your competitors: be transparent, explain, clarify how your company/affiliate will use individuals’/customers’ personal information. 2. Don’t wait for the Colombian companies to comply with the law: being seen as an early adopter will be good for business and reputation. 3. Trust your consumers; trust will breed reciprocal trust in your products, services, reputation and brand.
  76. Colombia: take aways. 4. Follow all consumer protection regulations, and go beyond strict compliance. Do better than Colombian companies. Mandate your franchisees to be consumer protection-friendly, like in the United States, not like in Colombia. 5. Develop a reputation for being fully reliable for your customers. 6. Get advice both from a local counsel (to conceive the most adequate data protection solution to fit in the cultural context) and from a global data protection counsel. Both professionals will be necessary to design how your company will comply with the local data protection rules.
  77. CENTRAL AMERICA: COSTA RICA, EL SALVADOR, GUATEMALA, HONDURAS, NICARAGUA, PANAMA
  78. CENTRAL AMERICA. PROTECTION AT THE CONSTITUTIONAL LEVEL: - No Central American country expressly recognizes the right to data protection. - However, most countries provide constitutional protection for the “right to privacy”, except Panama and Guatemala. - Countries do not have “habeas data” at the constitutional level, but some of them have a general constitutional remedy. PROTECTION IN THE LAW: - No Central American country has a comprehensive personal data protection law. - Most countries have legal provisions that protect personal data in their laws on access to information and public transparency (Panama, 2002; Honduras, 2006; Nicaragua, 2007; and Guatemala, 2008). - There are telecommunication laws and credit reporting laws.
  79. CENTRAL AMERICA. INTERNATIONAL INSTRUMENTS: - Political Dialogue and Cooperation Agreement between the EU and Central America (2003): the parties agreed to cooperate on protection in the processing of personal data. BILLS ON PERSONAL DATA PROTECTION: - At least two Central American countries have had legislative discussion on bills that would regulate data protection: Costa Rica and Nicaragua. Costa Rica has had a new data protection law since Sept. 7, 2011.
  80. Costa Rica. Sept. 7, 2011: new Personal Data Protection Law No. 8968 enters into force. Regulates the processing of personal data carried out by public and private entities: all databases distributing or selling information. (Personal or corporate databases are not covered by the law.) Law modeled after the EU Data Protection Directive. Regulates almost all processing of all types of personal data. Requires express written consent for many data processing activities.
  81. Costa Rica. 4 main categories of personal data: 1. sensitive data: includes socioeconomic level, and medical and genetic conditions. 2. restricted access data: data included in a public database but with restricted access because it only concerns the person or public entity involved. The individual must give written consent for his personal data to be disclosed. 3. special restricted access data: data contained in public databases created by law. 4. credit records: data that allows financial institutions to evaluate an individual’s creditworthiness based on the general principles laid out in the new data protection law.
  82. Costa Rica. New data protection authority created within the Ministry of Justice (“Prodhab”) to implement the legislation, inspect registered databases and issue sanctions for legal violations. Commercial databases must be registered before Prodhab and will be subject to an annual fee for their administration. The data controller must pay a fee (“canon”) to Prodhab for sales made using commercial databases. Fee based on the number of data sold or on contract value. Regulation to be implemented.
  83. Peru. July 2011: Peru has its first data protection law (“Ley N° 29733 de Protección de Datos Personales”). The data protection authority will be part of the Ministry of Justice (independence?) and in charge of a National Registry of Personal Data; it may levy fines for violations of the law. Decree must now be drafted. Problem with the regulation of credit-reporting databases: eludes a crucial issue.
  84. Peru. The National Register of Personal Data Protection can record: 1) publicly or privately administered personal databases; 2) authorizations issued pursuant to the law; 3) sanctions imposed by the National Authority; and 4) codes of conduct of the entities representing the privately administered personal database controllers or processors.
  85. Peru. Political willingness: Free trade agreements: Peru signed them in Nov. 2008 with the US and Canada. Bilateral negotiations under way with the EU, South Korea and China. Call centers. Transborder data flows: the destination country must have a sufficient level of protection for the personal data to be processed, or at least comparable to that provided by the law.
  100. Outline: Introduction; A. Brazil; B. Uruguay & Argentina; C. Colombia, Peru, Costa Rica; D. Key take aways (Cedric Laurant); Q & A
  101. Key take aways. 1. Get an edge over your competitors: be transparent, explain, clarify how your company/affiliate will use individuals’/customers’ personal information. 2. Being seen as an early adopter will be good for business and reputation. 3. Trust your consumers (trust breeds trust, in your products, services, reputation, brand).
  102. Key take aways. 4. Follow all consumer protection regulations and go beyond strict compliance. 5. Build your company’s reputation as being fully reliable for your customers. 6. Get advice not only from local counsel, but also from global ones.
  104. Panelists: contact info. Cedric Laurant, Esq., LL.M., Principal, Cedric Laurant Consulting (Belgium), http://cedriclaurant.com – Twitter: @cedric_laurant, c [at] cedriclaurant [dot] com. Dra. Ana Brian Nougreres, Law Professor, Universidad de la República Oriental del Uruguay; Chief Consultant, Estudio Jurídico Briann & Associates (Uruguay), abrian [at] netgate [dot] com [dot] uy. Renato Opice Blum, CEO and Partner, Opice Blum Advogados Associados (Brazil), http://www.opiceblum.com.br – Twitter: @opiceblum, renato [at] opiceblum [dot] com [dot] br
