Originally published in Privacy & Security Law Report on January 7, 2013.
The privacy landscape in Latin America is undergoing significant changes. With the enactment or implementation of laws in Colombia, Costa Rica, Nicaragua, and Peru, there are now eleven countries in Latin America that have adopted omnibus data privacy legislation: Argentina, Bahamas, Chile, Colombia, Costa Rica, Mexico, Nicaragua, Peru, Saint Lucia, Trinidad and Tobago, and Uruguay. In addition, Brazil is considering a data protection law.
Unlike the European Union member state laws which are all based on a common directive, the Latin American laws vary significantly from each other. All of these laws are based on the core data protection principles, but their implementation and focus are quite different from each other and from laws found in other parts of the world. In addition, unlike the newer laws being adopted in Asia (11 PVLR 1798, 12/17/12), the new laws in Latin America require registration with the data protection authority, and they do not contain detailed security obligations. However, like the new laws in Asia and the existing laws in Europe, the Latin American laws impose cross-border restrictions. Organizations doing business in Latin America should pay attention to these laws as they really differ from laws in other regions, and compliance programs that comply with only EU obligations will run afoul of many of the Latin American country obligations.
Please see full publication below for more information.