The State of Communication and Privacy Law in Chile (2020)
Is there a data protection law?
Chile became the first Latin American country with a data protection law in 1999 - Law 19.628.
Chile does not have a proper data protection authority that oversees companies’ compliance with data protection law. In turn, the Council for Transparency is the body responsible for monitoring government administration bodies’ compliance with data protection law.SEE MORE
Does the data protection law apply to law enforcement activities?
Law 19.628/1999 applies to the processing of personal data by companies and government entities, with no specific exception for law enforcement activities.SEE MORE
What are the criteria, if any, for the transfer of personal data to third countries under their data protection law?
Chile’s data protection law does not provide any specific rules regarding transfer of personal data to third countries.
Chile’s Constitution ensures the inviolability of all forms of private communications. The interception, access to, or recording of any private communications or documents are only allowed as per the cases and means set by law. Article 9 of Chile’s Criminal Procedure Code requires prior judicial authorization to all proceedings that affect, deprive, or restrict the constitutional rights of the accused or a third party.
Interception of communication - Prior judicial order is required.
Access to the content of communications - Prior judicial order is required.
Access to metadata - Prior judicial order is required following Article 9 of the Criminal Procedure Code.
Access to subscriber data - No specific provision, subject to the general rule set by Article 9 of the Criminal Procedure Code.
Location data - No explicit legal authorization.SEE MORE
What’s the factual basis to access communications data?
The factual basis for accessing communications data in Chile includes:
Article 9 and Articles 218, 219, and 222 of the Criminal Procedure Code
Article 24 of the Law 20.000/2005 and Article 33 (a) of the Law 19.913/2003 (investigation of drug trafficking or money laundering-related offenses)
Article 14 of the Law 18.314/1984 (“Anti-terrorism Law”)
Articles 23 and 24 of the Intelligence Law
Chile’s Constitutional Court ruling n. 2153-11
For details on the above articles and cases,SEE MORE
Which authorities have the legal capacity to request access to communications data?
For interception measures: public prosecutors and the directors or heads of the bodies that form part of the State Intelligence System. The National Economic Prosecutor in administrative collusion investigations.
For the special procedures established in Article 24 of the Intelligence Law: directors or heads of the State Intelligence System’s bodies.
For accessing retained IP addresses, subscribers’ IP numbers, and connection logs; or companies’ copies or versions of the transmitted or received communications: public prosecutors.
For details on the above authorities,SEE MORE
Does the country have provisions about access to data in cases of emergency?
Article 9 of Chile’s Criminal Procedure Code indicates that in urgent cases the judicial order can be requested and granted by any means suitable for the purpose, such as telephone, fax, email or other. Urgent cases are the ones in which an immediate judicial authorization is indispensable for the success of the measure.SEE MORE
Is there any data retention mandate?
Article 222 (5) of Chile’s Criminal Procedure Code states that telecommunications providers must retain a list of authorized ranges of IP addresses, subscribers’ IP numbers, and connection logs for at least one year and disclose it to the Public Prosecutor’s Office.SEE MORE
Are there any rules that authorize the use of malware?
Chile’s law does not have any specific or explicit authorization regarding the use of malware. However, Article 24’s broad definition of special procedures for obtaining information in Chile’s Intelligence Law might serve to controversially authorize remote access to a device through the use of malware.SEE MORE
Is there any law that compels companies to provide direct access to their internal servers for law enforcement purposes?
To the best of our knowledge, there is no legal provision authorizing this kind of access in criminal investigations.
Does the law compel companies to assist law enforcement agencies in their investigations?
Prosecutors are entitled to demand information from any person or public official, who are obliged to provide it, except in cases expressly exempted by law. Natural or legal persons must comply with the proper judicial order for the special procedures set in Article 24 of the Intelligence Law.SEE MORE
Does the State report on the number of requests to access communications data?
Nonetheless, in 2018, the number of telephone interception requests were revealed by a news media outlet.SEE MORE
Is there any legal limitation that prohibits companies from publishing transparency reports?
To the best of our knowledge, there is no legal prohibition against disclosing aggregated or statistical data on government data demands under the Criminal Procedure Code. The Intelligence Law’s provisions restricting access to communications surveillance-related information and records held by intelligence entities does not extend to the disclosure of statistical or aggregated data.SEE MORE
Do telecommunication companies publish transparency reports?
Telefónica-Movistar - YES
VTR - YES
Claro - The company’s latest transparency report refers to 2017.
Entel - The company’s latest transparency report refers to 2018.
GTD Manquehue - NO
WOM - YESSEE MORE
Can companies notify users about States’ data requests?
A judge may authorize an intrusive investigative measure to be carried out before the investigation is formalized and without prior notification of the person affected when it is indispensable for the investigation. After the investigation is formalized, a prosecutor’s request for not notifying the person affected will only be granted by a judge if the secrecy is strictly necessary for the measure to be effective.SEE MORE