Privacy – Personal Data Protection news in LATAM

Privacy – Personal Data Protection news in LATAM

By Andrea Sanchez Vicentini, Belén Sorrentino, Delfina Sejas and Mateo Darget.

We summarize some of the latest developments on personal data protection that took place in different countries of Latin America over the last months.


  • On February 10, 2022, the National Congress enacted the Constitutional Amendment 115 of 2022, which aimed to recognize personal data protection as a fundamental right.
  • On June 13, 2022, Provisional Measure No. 1,124 was enacted. According to this rule the National Data Protection Authority was transformed into a special autarchic entity that will enjoy administrative and budgetary autonomy. Now the Provisional Measure must be endorsed by the National Congress.


  • Currently, a new personal data protection bill is being discussed in the House of Representatives. The bill is aimed at replacing the current data protection legal regime approved in 1999.


  • On October 29, 2021, Law 2157 aimed at strengthening the habeas data right was enacted and approved. Among other changes, this rule inserted the accountability principle in Law No. 1266 of 2008 on habeas data and treatment of financial information stored in databases.
  • On January 24, 2022, the Executive Branch issued Decree 092 of 2022, which modified the structure and functions of the Superintendence of Industry and Commerce. It created the Habeas Data Office which will deal with complaints seeking the protection of the habeas data fundamental right, adopting the corresponding measures to guarantee and implement said right, issue the necessary orders and verify its compliance.

Costa Rica

  • On May 9, 2022, a personal data protection bill was introduced in Parliament. The bill aims to update the current legislation and strengthen the right to privacy and personal data protection recognized by the Federal Constitution.


  • On Abril 30, 2022, the Do Not Call Registry (“Registry”) within the scope of the Regulatory Unit of Communications Services became operational. The purpose of the Registry is to protect users of telecommunications services from abusive communications.
  • On December 2021, the Personal Data Regulatory and Control Unit, controlling authority of the Uruguayan Data Protection Law, released a guideline on compliance with the obligations of the Data Protection Law addressed to foreign entities. The goal of the guidelines is to describe the obligations imposed to those foreign entities that are subject to the Uruguayan personal data protection regime.

For further information please contact:

Share post: