With the enactment or implementation of several new data privacy laws in the past couple of years, the privacy landscape in Latin America and the Caribbean continues to change dramatically. Twelve countries in the region now have omnibus data privacy legislation in place: Argentina, Bahamas, Chile, Colombia, Costa Rica, Curacao, the Dominican Republic, Mexico, Nicaragua, Peru, Trinidad and Tobago and Uruguay. St. Lucia adopted legislation in 2011, but the law has not yet gone into effect. In addition, other countries such as Brazil or territories such as the Cayman Islands are considering data protection laws.

Unlike the European member state laws that are all based on a common directive, the laws in Latin America and the Caribbean vary significantly from each other. All of these laws are based on core data protection principles, but their implementation and focus are quite different from each other and from laws found in other parts of the world. For example, unlike the newer laws being adopted in Asia, two-thirds of the new laws in this region require registration with the data protection authority and, in most cases, do not contain detailed security obligations. However, like the new laws in Asia and the existing laws in Europe, many laws in Latin America and the Caribbean impose cross-border restrictions. There is also a growing trend to require notification to regulators and/or individuals in the event of a data security breach. Half of the countries in the region now have such requirements.

Originally published in the Privacy & Security Law Report, 13 PVLR 626, 04/14/2014.