| 📰 | This page or section is about an ongoing event. Check again later for more coverage. |
The Personal Data Protection Law, also known as "Ley de Protección de Datos Personales" in Spanish or Law N° 21,719) is a Chilean law created to increase protections for user's data. It is based on the General Data Protection Regulation (GDPR) from the EU. It was approved on August 19th 2024 and will come into force on December 1st, 2026.
Background
Summary
The first article of the law mentions the modifications for another law (Law N° 19.628) to cover protections for personal data. It adds definitions about types of data gathered and people rights over data management.
Responsibility for companies
Responsible companies and third-parties that provide services for these companies, whether they are national or international and operate in Chile are mandated to be transparent with their data management and to have the right measures to keep the data safe. inform and be transparent with their users, explaining to them how they manage their data and how the consumers can contact them. They also are only able to collect user's data if the user has explicitly consented the company to do so. However, there are some exceptions in where the data may be collected without the user's consent that involve user's legal obligations, exercise or defense of a right in court, contract purposes or for legitimate interests of the companies that may only apply if the person's rights are not affected. Data that is considered as sensitive data has additional regulations and may only be processed with the explicit consent of the user, but in some cases it is allowed to collect and process them without the person's consent when the data has become public by the user or for non-profit entities that use the data for non-commercial purposes or to provide them to other entities, saving the person's life, or by the previous reasons mentioned before.
Penalties
According to the Article N° It also explains that any company that is national or international or that operates in Chile (also affecting third-parties used by these companies, regardless they operate in the country or not) that manages personal data must be transparent about what kind of data is treated, disallowing the usage of the data for other purposes that are not mentioned and the amount of data gathered must be the minimum needed. Companies are allowed to retain data for a period of time, but they are forced to delete it after it is processed. Companies can ask for retain the data for longer time but they must have a legal permission or receive the user's consent first. The data must be protected in adequate standards to prevent any unauthorized usage, leakage or deletion. A user is allowed to ask for the data that a company has gathered about them and companies are forced to mantain the confidentiality of the data.
User's rights over their data
Any individual has the intransferible and indispensable rights of access, rectification, supression, opposition, portability and block their personal data unless another law does not allow it. If the data owner passes away, their heirs may perform the rights of the law. However, heirs may not perform these rights if the owner has forbidden this or any law prevents it.
Opposition: The data owner has the right to oppose to in the following cases:
- When the treatment objective is the legitimate fulfillment of interests of the company.
- If the data gathered is used for publicitary and profiling purposes.
- If the data has been gathered from public databases and there's no legal fundament for its usage.
The right cannot be performed if the data is used for statistic, historic, scientific purposes or any public function or activity.
Block: The owner has the right to temporarily prevent companies to process their data when a supression, opposition or rectification request is done. This right does not affect the storage of data by the responsible company
Portability: The owner has the right to request responsible companies about the data they gather and process, if it belongs to consented and automated processed data.
Data Protection Agency
The law dictates the creation of the Personal Data Protection Agency (Agencia de Protección de Datos Personales) 6 months before the law enforcement. This is a national entity related with the Chilean government that is dedicated to instruct and supervise if entities managing the data are complying with the Chilean legislations and regulations. It also is dedicated to solve users' reports about companies not complying or committing infractions.
Registro Nacional de Sanciones y Cumplimiento
Registro electrónico de acceso gratuito y público que mantiene registros de empresas y entidades que hayan sido sancionadas por incumplir las legislaciones de protección de datos. Los registros de una anotación serán accesibles hasta por cinco años desde la fecha en que se realizó la anotación.
Second Article
The second article
Third Article
References
- ↑ "Ley 21719" [Law 21719]. Biblioteca del Congreso Nacional de Chile. 13 Dec 2024. Retrieved 12 Apr 2026.
{{cite web}}: CS1 maint: url-status (link) - ↑ "Se aprueba Ley de Protección de Datos Personales: Revisa de qué se trata" [Personal Data Protection Law is approved: Check what it is about]. Gob.cl. Chilean Government. 27 Aug 2024. Retrieved 12 Apr 2026.
{{cite web}}: CS1 maint: url-status (link) - ↑ Parada Barriga, Francisco Javier (Dec 2024). "Ley 21.719: Chile se pone serio con la protección de tus datos personales" [Law 21,719: Chile gets serious with the protection of your personal data]. Universidad de Concepción. Retrieved 12 Apr 2026.
{{cite web}}: CS1 maint: url-status (link) - ↑ Carey, Guillermo; Mercado, José Ignacio; García, Gabriela (13 Dec 2024). "titulo". Carey. Retrieved 12 Apr 2026.
{{cite web}}: CS1 maint: url-status (link)