Most people probably don’t give much thought to how their personal data is actually used by companies or government agencies. For many, “personal data” still means nothing more than a name, an address, or a national ID number—the kind of details we’re used to handing over to public services or commercial entities in Chile.
But Chile’s recently approved Law No. 21.719 on the Protection of Personal Data—set to take full effect in 2026—takes a far broader view. Under this law, personal data means any information linked to or referring to an identified or identifiable person. That could include a fingerprint, biometric scans, or even elements tied to our cultural or social identity. In short, it’s not just the basics—it’s us.
And data processing? That’s defined as virtually any operation, automated or not, that involves collecting, storing, transmitting, or using personal information. In today’s world, that inevitably means large-scale, mass processing. Consider a company with thousands of employees: attendance records, salary payments, sick leave data. What happens if that information ends up in the wrong hands? Who is held accountable when data is misused?
These aren’t hypothetical questions. Just a year ago, the Dutch Data Protection Authority fined Uber €290 million for improperly transferring European drivers’ personal data to the United States without adequate GDPR safeguards. The case, which stemmed from complaints by more than 170 drivers, revealed that the data involved included not only account details and payment information, but also sensitive records such as medical and criminal background data.
And this was not an isolated episode. In 2023, Facebook (META) was hit with a record €1.2 billion penalty for transferring European users’ data across the Atlantic in what regulators called a “systematic, repetitive, and continuous” violation.
The stakes couldn’t be higher. Why should someone, sitting in another country, not only have access to our most personal information but also profit from it? This isn’t just about the data we “voluntarily” provide when shopping online or signing up for an app. It’s about how exposed we truly are—our privacy, our identities, our very selves—before the enormous reach of global corporations.
References
- Reuters (Aug 26, 2024). Dutch privacy watchdog fines Uber €290 million for sending drivers’ data to U.S. Link
- Autoriteit Persoonsgegevens (Dutch DPA). Dutch DPA imposes a fine of 290 million euro on Uber because of transfers of drivers’ data to the US. Link
- Library of Congress, Global Legal Monitor (Sep 12, 2024). Netherlands: Uber Heavily Fined for Violating EU’s GDPR. Link
- European Data Protection Board (May 22, 2023). EDPB binding decision: IE SA fines Meta €1.2 billion for unlawful data transfers. Link
- BBC News (May 22, 2023). Meta fined record €1.2bn for mishandling Facebook data. Link
- The Guardian (May 22, 2023). Meta fined record €1.2bn for Facebook data transfers to US. Link
This post is a trial piece, drafted in collaboration with Artificial Intelligence.
Derecho y cotidianidad 