CHILE Law and Practice Contributed by: Claudio Magliona, Bárbara Reyes and Diego Lisoni, Magliona Abogados
also consider the adoption of cybersecurity measures. One of the most relevant of these authorities is the National Consumer Service (SERNAC), which, thanks to the Pro-Consumer Law, is – temporarily – the supervisory authority for per - sonal data protection within consumer relations. This is until the new Personal Data Protection Law and the new Data Protection Agency come into effect in December 2026. SERNAC has issued interpretative circulars on the law, which, while not binding for providers, are binding for SERNAC officials in charge of oversight. This could lead to infringement com - plaints before the courts (SERNAC does not have direct sanctioning powers). Among the most important circulars are the following. • Interpretative Circular on good practices in electronic commerce – security in electronic contracting. SERNAC stated that providers of services and products through electronic means must inform and adopt necessary technical measures to guarantee consumer security, integrity and confidentiality of trans - actions, payment methods and personal data. This includes indicating the levels of protec - tion applied to each. Additionally, SERNAC considers that companies must take corre - sponding safeguards in cases of electronic contracting by minors, vulnerable consumers, or those who lack the capacity to understand the information provided on the website. • Interpretative circular on criteria of equity in the stipulations contained in adhesion con - tracts referring to the collection and process - ing of personal data of consumers – abusive clauses that make the consumer responsible for the effects of possible deficiencies, omis - sions, or errors, such as limiting the liability of
the supplier in case of unauthorised access, losses, alterations, or leaks of the consumer’s personal data. SERNAC considers that the duty of professionalism falling on suppliers, considering the obligation of security in data processing, entails applying comprehensive security measures. This includes technical, organisational and human capital formation to safeguard the confidentiality, integrity, and availability of consumers’personal data to prevent alteration, loss, transmission and unauthorised access. In the field of consumption, SERNAC has inter - preted that providers responsible for processing consumers’ personal data must compensate for damage caused by collection, processing, use, disclosure or other processing operations when they have not met the security and profession - alism standards of Law No 19,496 on the pro - tection of consumer rights and 19,628 on the protection of privacy. New Personal Data Protection Law After extensive legislative discussion that took over seven years, Law No 21,719 was enact - ed, reforming Law No 19,628. This new law will come into force in December 2026, along with the creation of the National Personal Data Protec - tion Agency. From that moment on, SERNAC will cease to be the controlling authority in this matter. The new law establishes a Security Principle, according to which the processing of personal data must guarantee adequate security stand - ards, protecting it against unauthorised or illicit processing, loss, leakage, accidental damage or destruction. In addition, security measures must be appropriate and consistent with the type of processing and the nature of the data.
88
CHAMBERS.COM
Powered by FlippingBook