Regarding a project and a ruling in Chile regarding the protection of personal data

The constant application of information technology to various legal fields produces a number of situations in which the administrative authority or the courts must resolve the best way to understand and enforce the respective rule.

Likewise, the legislation must be attentive to reality and solve the complications and problems that can be caused by information technology in order not to interfere with legal relationships.

Next, I will present a project and a sentence that seek to clarify certain practical aspects related to computer science applied in one case to consumer law and, in another, to e-mails in the State Administration.

Regarding the bill, it is contained in Bulletin No. 12.409-03, dated January 24, 2019, which is in the last constitutional process phase. Its objective is to establish measures to encourage the protection of consumer rights and modify various legal bodies.

In Law No. 19.496 on consumer rights, it adds an article 15 bis that establishes, in the first place, the declaration of application of the provisions of the Law on Protection of Personal Data, specifically, Title III on commercial obligations and its legal norms related to the Consumer Law, being considered as special provisions on consumer matters, for the provisions of article 2 bis (which makes certain norms applicable, including the possibility of the individual consumer to go to courts of law to claim for the damage caused by the breach of its regulations and, even the collective or diffuse interest); Article 58 that establishes the powers of the National Consumer Service (among others, to supervise and administratively interpret rules on the matter); and 58 bis (on registration of sentences and cases on the matter).

Next, it establishes the obligation of the providers to respect the prescriptions of said law and the obligation of the security and reservation of data, and the safeguarding of the use of the data for the respective purposes.

Next, it indicates the obligation to inform customers or users of any security violation of the database they have or the one they use, and that has data from those within 24 hours of making the report. If it cannot be done within this period by digital means, it must be done in writing, by phone or in any other way within 72 hours from the report.

Finally, it points out that any claim about these facts must be made by the supplier's customer service system. It also establishes that the person in charge has the obligation to inform, at the consumer's request, the source of the legitimacy of the processing of their data and respect, in any case, the purpose for which they were collected or stored.

Immersed in a modification to the Consumer Law, said proposed rule has not caused a media impact like other projects on the matter, but it is no less relevant.

For this reason, although it is seen as an advance, the proposal has been observed by various actors involved in the matter.

For Macarena Gatica, partner of the Alessandri study, it is inconvenient that personal data is being regulated in the matter of consumption when it should be regulated in general by means of the bill on the matter, which is stopped in its processing.[1]

At a distance seminar on the subject[2] experts discussed the project. Although it was an advance for the area, the regulation could have serious practical problems, for example, on when the report that was used to compute the deadline for information to consumers in case of data security problems should be made ; if the SERNAC resolutions would be valid for consumer matters, but not for other areas, as it should be if there were a specialized data authority; how the sectoral norms will be coordinated while there are no general norms on the subject, among others.

Consequently, we are once again facing the repercussions of the delay in our legislature around the new regulation of personal data. Having already been constitutionalized as an autonomous fundamental right by Law No. 21.096, of June 16, 2018, the process remains to be completed, providing it with a regulation in accordance with the new technological circumstances.

The permanence of this state of affairs will only make data management more difficult if there are sectoral regulations that are not linked to a common framework, as the experts asserted. In addition, if the country is exposed to another event such as the pandemic, which involves data management and communication, not having clear rules in this regard can cause damage not only to people's rights, but also to the application of public policies. .

Finally, the lack of a data authority, whoever occupies that role, leaves the entire mass of data in the hands of private entities without being effectively controlled, with eventual dire consequences for the owners of said data.

On the other hand, there is the resolution issued by the sixth chamber of the Court of Appeals of Santiago, in judgment Rol No. 193-2020, dated January 5, 2021, regarding a claim against the decision of protection of the Council for Transparency Rol C-7030-2019.

An official of the National Geology and Mining Service (SERNAGEOMIN) asks to know the content of certain communications made in the emails of certain officials, regarding the restructuring of the service and the review of certain technical projects.

For this purpose, it invokes what is established in article 5 and 10 of Law No. 20.285 on access to public information, which talks about the publicity of the acts and resolutions of the organs of the State Administration, their foundations, the documents that they serve as a direct and essential support or complement, and the procedures they use for their dictation.

Likewise, it alleges that all the information prepared with the public budget and all other information held by the bodies of the Administration is public, whatever its format, support, date of creation, origin, classification or processing. Both cited norms speak of the exceptions that are indicated by law. All this is based on article 8 of the Constitution. It indicates that understanding that the contents of the emails are private, based on articles 19 No. 4 and 5 of the Constitution, would establish a reservation on information that should be considered public, since it would be being exchanged in the exercise of the function public. It assimilates the emails to the memorandums or minutes of the State Administration, for which, under its concept, they would be public information.

With regard to what was alleged by the Council for Transparency, it pointed out that the fact of being in the power of SERNAGEOMIN and -having been sent by institutional mail- does not determine that it is public, since, initially, it may be affected by a exception for reservation or secrecy.

It also argued that this does not make it incompatible with the fact that privacy and inviolability of the communications established in Article 19 No. 4 and 5 of the Constitution exist. Indeed, these communications may also contain certain judgments or information of a private nature that must be protected by said constitutional guarantee according to article 21 No. 2 of the law, that is, affect the right of people, particularly their safety, their health, the sphere of your private life or rights of a commercial or economic nature. It points out that it is understood that emails are extensions of people's private lives and must be protected, as well as being conversations between individual people.

The court finally ruled in favor of the Council for Transparency, reaffirming the publicity of the Administration's acts as a principle. However, it considered that the e-mails that mediated between the officials cannot be public, since they do not fit within the formula of being acts or resolutions, they do not refer to the procedure for their preparation or are the basis for them. They are private communications between individual people who have their own email account. Thus, they are protected by Article 19 No. 5 of the Constitution.

In the first place, we must bear in mind that the conflict focuses on institutional mailings and not on the individuals of public officials, in which case the inviolability of communications clearly prevails. The problem focuses on the entity of the content of the communications within the institutional mail.

An institutional email account is considered a work tool and although it is true that the communications contained therein must revolve around the activity of the public entity, there may be the possibility that there are private communications, for example, in a case of emergency where the private email account was not available, and must be covered by the inviolability of communications. The problem arises when work-related communications contain personal opinions or judgments that are part of the public employee's duties.

The argument of the representative of the Council for Transparency indicates something relevant: in some cases it has been allowed to know the contents of the emails, but it has only been "... when said communications have constituted the foundation or direct and essential complement of certain and determined administrative acts, and whenever it is considered that their disclosure does not affect the private life, or other fundamental rights of the public officials involved, since only in exceptional cases said advertising conforms to the provisions of paragraph 2 of article 8 of the Fundamental Charter,… ”.

In other words: communications are not possible to know as long as they are not really relevant for the issuance of the act or resolution, "foundation or direct and essential complement" and as long as they do not affect the privacy or other fundamental rights of public officials.

It would be a question to examine in each case. In any case, the conclusion is inescapable: that the communication is made through an institutional email account in the exercise of a public function does not automatically make it public for all purposes. There will be exceptions such as the fundamental rights of officials, in this case.


[1] Website Diario Financiero, "Consumption, Sernac and personal data" specifically https://www.df.cl/noticias/opinion/cartas/consumo-sernac-y-datos-personales/2021-01-27/184138.html (active as of 4.2.2021).

[2] Seminar "Reform of Consumer Law and Data Protection", see on Youtube, specifically https://www.youtube.com/results?search_query=Seminario+reforma+a+la+ley+del+consumidor+y+protecci%C3%B3n+de+datos (active as of 4.2.2021).


*The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.

- Advertising Notice-
Manuel Vergara Rojas
Lawyer. Degree in Legal Sciences from the University of Valparaíso, Chile (State). He currently works as a Professor in the Law Degree, Viña del Mar Headquarters of the University of Las Americas and assistant in the Law Degree at Andrés Bello University, Viña del Mar Headquarters, in the area of ​​Public Law and Law History. He has published three books and scientific articles on public, computer law and history of law education.

Similar

1,954Happy fans
514FollowersFollow
91FollowersFollow

Subscribe

*All fields are required
es Spanish
X