Chile | Personal Data Protection Law: the pillar of the regulation of artificial intelligence

Chile | Personal Data Protection Law: the pillar of the regulation of artificial intelligence

The imminent technological evolution leads us to recognize the importance of robust regulation that addresses the challenges posed by artificial intelligence (AI). At an international level, examples such as “The Artificial Intelligence Act” of the European Union and the Executive Order in the United States show the need for legislation that establishes guidelines and supervises the development of this powerful technology.

In Latin America, and particularly in Chile, we face the challenge of advancing regulations, learning from comparative experiences to avoid errors. However, we face significant obstacles, especially since the Bill on the Protection of Personal Data is still awaiting approval. This situation makes legislative discussion on more complex issues difficult, such as the regulation of AI systems, which has already been approved in general and has advanced to its particular discussion.

It is essential to recognize that the lack of an updated law on the protection of personal data, combined with little experience in implementing practices to reduce risks or conducting impact assessments, represents a significant challenge to responsibly moving forward in the regulation of issues. as relevant as this. In that sense, updating the Law on the Protection of Personal Data is presented as the fundamental pillar to progress in any regulatory framework related to technology.

We understand that artificial intelligence uses data of various types, including personal data, which must be used and protected appropriately. Likewise, we cannot ignore how the decisions made by these systems directly impact people’s rights. An illustrative example would be the selection of individuals for waiting lists in the health sector or the allocation of educational scholarships. In both cases, in the absence of updated legislation and lacking practical experience in the responsible use of this type of data, the risk of abuse and discrimination by artificial intelligence systems is significant.

This Sunday, January 28, was International Data Protection Day, an ideal time to look forward with optimism, anticipating that the mixed commission can reach agreements in March on the issues on which the chambers have not yet reached consensus. This advance will mark the conclusion of the legislative process and open a new chapter in Chile’s technological regulation.

By Constanza Pasarin and Trinidad Moreno, associates of the compliance group of Albagli Zaliasnik (az).

Source: Diario Financiero

Uruguay | Protection of personal data: A legal framework for privacy in the digital age

Uruguay | Protection of personal data: A legal framework for privacy in the digital age

In the digital age, the protection of personal data has become an issue of increasing importance throughout the world. Uruguay is no exception, since the country has established a solid legal framework to guarantee the privacy and security of personal information, which includes natural persons and also legal or ideally-existing persons. Through laws and regulations, the State has demonstrated its commitment to the protection of individual rights in the digital environment.

The Personal Data Protection Law

Law No. 18,331 on the Protection of Personal Data and Habeas Data Action, promulgated in 2008, and its complementary regulations, is the main legal instrument for the protection of information. This law establishes the principles and obligations for the processing of personal data, both by the public sector and the private sector. In addition, it created the Personal Data Regulatory and Control Unit (URCDP) as the authority in charge of supervising and enforcing the legislation.

Fundamental principles of the law

Uruguayan law is based on several fundamental principles. These include:

  • Informed consent: The processing of personal data requires the informed, unequivocal and express consent of the data owner, unless there is a legal exception.
  • Specific purpose: Personal data can only be collected and used for a specific and legitimate purpose, previously informed to the owner of the data.
  • Security: Appropriate technical and organizational measures must be implemented to protect personal data and prevent its unauthorized access, loss or alteration.
  • Proactive responsibility: Those responsible and in charge of treatment must adopt the measures tending to comply with the regulations, among them, privacy by design and by default, and carry out privacy impact assessments.

It also recognizes and protects the rights of the holders of personal data. These rights include access to the information collected, the rectification and updating of inaccurate data, the inclusion of data when there is a well-founded interest, and the deletion of data when it is no longer necessary.


Although Uruguay has established a solid legal framework for the protection of personal data, since, for example, the latest modifications to the regulations date from January 2023, there are still challenges in this area. Constant technological progress and increasing digitization pose new challenges in terms of privacy protection. In addition, it is necessary to promote awareness and educate citizens about their rights and the best practices to protect their data in the digital environment.

“In Uruguay, data protection continues to have a huge presence, in national and international businesses. Uruguay has had the adequacy note from the European Commission since 2012, which represents a differential when receiving investments, and has motivated a continuous review of legislation to continue adapting it to the main trends and international standards. In addition to opportunities, the foregoing also represents challenges for companies that need a continuous review of their personal data management practices in an increasingly demanding context due to the internal adoption of analytics, big data and artificial intelligence solutions. ” point out Martín Ferrere and Cecilia Alberti, partner and senior associate of FERRERE Uruguay.

Compliance in the protection of personal data is of vital importance because compliance with regulations contributes to protecting the rights of individuals, strengthening customer trust, and improving competitiveness in the market by mitigating risks.

Companies and organizations that have a culture of compliance not only avoid sanctions and reputational consequences, but can also gain competitive advantages, resulting in better business opportunities.

For more information contact:

Carla Arellano  | Counselor Ferrere |