On June 30 of this year, Law No. 21.248 was published which, through a constitutional reform, established the possibility of withdrawing a certain amount, initially 10%, from the individual capitalization accounts of the pension system. managed by the so-called Pension Fund Administrators (AFP).
This reform was carried out, in order to make it possible to access these funds to people affected by the economic consequences generated by the Covid-19 pandemic. His dictation was the subject of much criticism from various angles and by many specialists.
In the first days of November, the Ministry of Finance made a request to the Superintendency of Pensions in the sense of requesting the data of all those who, up to that moment, had made the withdrawal of said amounts. The entity responded by sending the information to the Ministry.
The reaction of public opinion was contrary to this delivery of data. As stated in the press, there were complaints from citizens, presentations were made to the Office of the Comptroller General of the Republic, it was being studied to make requests to the Council for Transparency and, even, in the Chamber of Deputies the possibility of constitutionally accusing the Minister of Finance.
Faced with the controversy, said portfolio indicated that it was within its powers to request such information and that, in addition, Law No. 20.403 in its article 30, it empowered him to do so in the performance of his duties. In effect, said rule authorizes the Undersecretariat of Finance, among other entities, to access the data of the pension data information system provided in Law No. 20.255 (Article 56), as well as to require personal data of a pension type to the other public bodies, who are obliged to provide them. It also closes the rule establishing the responsibility for the handling of said data of the entities that would process them and mentions the duty of secrecy and confidentiality of the personnel.
As an example of a similar rule, article 34 B of Law No. 19.728 was mentioned, which allows access to data from the so-called Unemployment Fund Administrators (AFC). Likewise, the case of the Undersecretariat of Social Security was pointed out, which, in order to comply with Law No. 21.248 and in the exercise of its powers, requested information from the Superintendency of Pensions, which was also delivered.
In addition, the Minister of Finance added that the use of the data was for purely statistical purposes and was not intended to deliver the collected information to other entities or institutions.
As can be seen, we are facing a new version of an old problem that afflicts Chilean legislation, which is the collection and processing of personal data in very critical matters, this time being those related to pension data.
As a first point, it is clear that public services can access the existing information between them and make a communication of it, as long as there is a regulation that empowers them, as in the specific case. This makes the State more efficient in fulfilling its functions.
In fact, Article 20 of Law No. 19.628, on the protection of personal data, indicates that public bodies can process personal data with respect to matters within their competence and subject to the rules of the law. In these cases, the consent of the owner will not be required. This is the general rule that authorizes data processing.
However, the problem that is revealed is the lack of a special norm in the specific legal body. The Ministry of Finance alleged the example of the so-called AFC established in Law No. 19.728, a norm that establishes precise and determined rules for the handling of personal data of members of the system.
Article 34 of said law, orders the existence of a database of workers subject to insurance, operated by the managing company, which provides for a general record of worker information, movement of individual accounts due to unemployment and the filing of documents. Record keeping is only for the functions established by law and the Superintendency, through a general rule. He closes the point by noting that the "only purpose" of the database is to serve as support for the functions of the company and for the Superintendency to carry out technical studies.
Article 34 A states that the Superintendency may require the information from the database to meet the established objectives and carry out the inspection of the matters within its competence.
Article 34 B empowers the entities mentioned there to request information from the databases from the AFCs in order to carry out their functions. Next, it makes those entities responsible for the treatment and use of this data, and establishes the duty of reserve and secrecy of its personnel.
Article 34 C allows the possibility of representative samples of databases, after dissociation (today anonymization) according to Law No. 19.628 for the purpose of research and studies, and made available to natural or legal persons, public or private.
As we can see, it is a specific law that establishes everything that is required, the purpose of the data recording, who can request the information and for what purposes.
With regard to pension data, there is no express rule in the respective law, as is the case with the AFCs. In effect, the regulatory body that regulates the AFPs, Decree Law No. 3.500, does not establish any provision on the existence of a data record, its purposes and objectives, as if the law on the AFC does. The provisions on the Superintendency of Pensions (contained in said decree-law) do not indicate any specific norm in this regard, giving the entity in article 94 No. 2, the general function of "Oversee the operation of the Administrators and the granting of the benefits that they grant to their affiliates, and the operation of the pension fund management companies."
The rule we discussed at the beginning, article 30 of law No. 20.403 has drafting similarities with article 34 B of the law on AFC, and establishes that such information is requested for “the exercise of their functions”, clarifying later that "The aforementioned public bodies and their staff must keep absolute confidentiality and secrecy of the information they become aware of and refrain from using said information for their own benefit or for third parties".
These are rules that delimit the scope of action, but do not clearly establish the objective of the existence and protection of a database with the information of the members of the pension system.
In Chile, the memory of what happened with electoral information before the reform of the Electoral Service law is still valid, where the original regulation had such a broad formulation that it made the entity understand that it could sell the databases to institutions commercial, as indeed happened.
Ultimately, situations like these are the ones that draw attention to citizens and parliamentarians, the risk that, if there is no clear regulation on the existence and purposes of data records in public entities (as well as in private ones) and how information is communicated, it may reach the hands of institutions that use it differently to the detriment of people's rights.
Also, there is no doubt that the atmosphere of tension produced by the political and social crisis that has affected the country since October 2019, amplifies situations like these that, in other circumstances, would have caused a minor scandal, but no less important, and with more limited political consequences, without even thinking of a constitutional accusation against the minister of the branch.
The matter also presents another aspect: what the Ministry of Finance requested was the RUT (Unique Tax Rol) of the people who made the withdrawals instead of anonymized information, which would be the logical thing to do the studies that said portfolio alleges to fulfill their functions. This was highlighted by both Jessica Matus, director of the Protected Data Foundation, as well as by Alfredo Díaz, president of the specialty of computing and informatics, of the College of Engineers of Chile AG In short, the information provided should be of the statistical type and not one referred to nominative data, which is achieved when the data is delivered with the RUT.
For its part, in a press release the arguments of public entities were exposed in the sense that the information was only required for the formulation of public policies and without any other purpose.
Also, Matus highlighted an interesting aspect: the law used to deliver the information, No. 20.403, corresponds to a miscellaneous type, that is, a law that addresses different matters such as the readjustment of the remuneration of public sector workers, the concession of bonuses and other benefits, that is, a rule that did not have as a special purpose to regulate said transfer of information, which should have been what was appropriate. Another aspect highlighted by Matus was that the information did not come directly from public sector entities, but from data from private individual funds, not being public information properly.
Finally, Gloria de la Fuente, president of the Council for Transparency, the entity in charge of controlling access to public information, indicated that the Ministry of Finance was informed of the reason for the request made, and whether or not there was a violation of personal information.
As they say in journalistic jargon, it is news in development, with many aspects to clarify in order to deliver a definitive opinion on the matter.
However, we can try a solution to this problem in two ways: either the reforms are made to the respective laws regulating the records that the entities must keep, clearly establishing their purpose and how this information can be transmitted to public entities and the management of part of these; Or else, a general rule is established for the State bodies regarding how to treat the information when it comes from entities that have these data records.
Although Law No. 19.628 on the protection of personal data provides a general applicable framework, it is no less necessary to establish common rules for the management of information by the public sector, as well as in those cases in which private entities handle data of transcendence of the people, clearly determining the existence of the registry, its purpose and the form of delivery to state entities, the case of Law 19.728 being a good example.
As we can see, there is still a long way to go in Chilean law.
*The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.
 El Mercurio newspaper in Santiago. November 6, page B5; and November 7, page B6.
 Official Gazette of November 30, 2009.
 Article 98.- The Electoral Service personnel must maintain absolute confidentiality regarding the antecedents or documents that they know in the fulfillment of their tasks, without prejudice to the publications that must be made and the information that said Service may provide in accordance with the law. (original version of the law).
 The Clinic Website, specifically https://www.theclinic.cl/2020/11/06/fundacion-datos-protegidos-sobre-informacion-personal-de-retiro-de-fondos-entregada-a-briones-contraloria-debera-determinar-si-fue-ilegal-o-no/ (consulted 8.11.2020).
 El Mercurio newspaper in Santiago. November 6th. Page A2.
 La Tercera newspaper. November 8th. Pulse, pages 4 and 5.
Council for Transparency Website, specifically https://www.consejotransparencia.cl/presidenta-del-cplt-detalla-que-oficio-al-ministerio-de-hacienda-busca-conocer-razones-por-las-cuales-se-esta-pidiendo-informacion-personal-para-fines-estadisticos/ (consulted 10.11.2020).