Chile: Passed Personal Data Protection Law including data protection regulation

On 8 May 2023, Chile’s Data Protection Law, consolidated in bulletins 11092 and 11144, was approved by the House of Representatives. The law will apply to any individual or entity -private or public- in Chile. Individuals will have the right to request access, rectification, deletion, blocking, and sharing of personal data. In the event of death, legal heirs may decide on the processing of personal data unless other explicit prohibitions have been made previously. Consent must be communicated in written form and may be revoked at any time. Some exceptions exist when consent is not needed to process personal data, such as if it concerns a financial or banking obligation or is necessary as part of a contract. In addition, the controller must communicate to the data subject the type of data collected and the legal basis for collection. The data collected needs to be specific and limited to the explicit purpose. If data is requested, it must be delivered promptly, clearly, concisely, and accurately. Finally, controllers are expected to adopt reasonable steps to ensure data security and to provide confidentiality. Specific requirements on sensitive personal data, such as health or minor data, are also specified. The law has been sent to the Senate for its approval.