With the EU’s General Data Protection Regulation (GDPR) coming into force on May 25, 2018, the protection of personal data has become a hot topic. However, before deciding whether if you should comply with this regulation, it is important to know what personal data comprises and how it differs from privacy and intimacy..
The Ecuadorian Constitution guarantees the right to intimacy and the protection of personal data. Now, what is covered by the right to intimacy? Intimacy comprises the most personal aspects of an individual, to which neither the State nor society have the right to access. The right to intimacy empowers each person to decide what is kept private and to prevent the disclosure of this private information. Consequently, breach of this right to privacy consists of the illegal intrusion of a third party in the most personal details of an individual without permission.
It is important to note that the scope of intimacy depends on the individual, so it is difficult to give precise examples. However, it commonly includes the most personal information , or sensitive data such as sexual orientation or state of health. In general, intimate data isthe information which the owner has decided that should not be revealed to or accessible by third parties.
Personal data has been defined as all information that identifies a person. The right to the protection of personal data has been recognized as the right to informational self-determination. That is, the freedom of each individual to determine the use of his/her information, the freedom to determine the disclosure of information to third parties and the life of this data.
A common mistake when talking about personal data is to assume that it only applies to sensitive information. Personal data includes more relevant information such as medical history, citizen card number, as well as information that may seem irrelevant such as a person’s vehicle registration number.
The right to the protection of personal data is breached when a third party violates any of the principles that govern the treatment of this data. Therefore, it is very important that those who manage data (i.e. collect, file, process, distribute and/or disclose data) take into account the principles governing the right to data protection.
Although there is currently no cross-cutting regulation that governs data protection in our country, it is important to know that you must comply with GDPR if you handle data of EU residents.
Although there is currently no cross-cutting regulation that governs data protection in our country, it is important to know if you are affected by the GDPR if you handle data of EU residents.
Ortiz, Ana, (2003), The Right to the Protection of Personal Data in an Information Society. Deusto University
Lorena Naranjo, (2017), Naturaleza Jurídica del Dato Personal Como Presupuesto Generalizado del Derecho a la Protección de Datos Personales. May 10, 2018, FORO 27
Constitution of the Republic of Ecuador, published October 20, 2008.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) published May 4, 2016.
Ruling No. C-881/14 of the Constitutional Court of Colombia, obtained on May 14, 2018. http://www.corteconstitucional.gov.co/relatoria/2014/C-881-14.htm
Warning: This newsletter by Pérez Bustamante & Ponce is not and cannot be used as legal advice or opinion since it is merely of an informative nature