The study of privacy law in the last two years has been concentrated in the conflict that has been waged between the European Union and the United States regarding data protection legislation. This has been a legal battle that has had severe implications for the future of Electronic Commerce and has been prompted by some requirements set by the EU on the export of data to countries that do not have adequate privacy protection laws in place. So far, the debate has missed the issue of whether or not other countries possess adequate levels of data protection, and other types of data protection have not been properly analysed. Some Latin-American countries have enacted a new type of constitutional protection of personal data in order to insure individual privacy from the abuse of data registers. This is a new approach to the whole issue of data protection.
|Published (Last):||3 November 2007|
|PDF File Size:||7.19 Mb|
|ePub File Size:||9.20 Mb|
|Price:||Free* [*Free Regsitration Required]|
This paper is mostly an update on an article that first appeared in this journal in June [ 1 ] regarding the relatively recent legal figure of Habeas Data, which has been implemented in some countries in Latin America. The need to update the original article arose from the fact that there have been many new developments regarding the implementation of this legal tool in Latin America, and because of some other interesting developments in the European Union that required that some of the original conclusions be revisited and amended.
The paper has many sections that are similar to the original, with the intention of making the update a stand-alone document. A shorter two-part version of the paper appeared in the World Data Protection Report[ 3 ].
The European Union has been enacting serious Data Protection legislation by the means of a Data Protection Directive[ 4 ] that poses a burden on member states to put in place laws that comply with its provisions. Among those provisions there is a prohibition to the member states to transfer data to countries with no adequate Data Protection legislation in place.
This provision in particular has proven to be incredibly contentious because of the nature of the modern global economy and the importance of data transfer and electronic commerce to the major trading countries. This has sparked an international debate that has engulfed the United States and the European Union in colossal struggle to resolve the issue[ 5 ]. It is not the role of the present essay to delve into the detail of such struggle, but many important questions have risen from this debate.
This is where the new Latin American Habeas Data right becomes important. Does it comply with the standards of adequacy established by the European Union? What is Habeas Data anyway? Is it effective? This paper will attempt to answer these questions. The individual complaints before a Constitutional Court have a long tradition in the history of the Law.
The first complaint that existed, and perhaps the most famous, is the Habeas Corpus which is roughly translated as 'you should have the body'. It originated on the Middle Ages in England and it is a writ issued by a court commanding that a person held in custody is brought before a court so that it may determine whether the detention is legal.
Some other individual complaints exist, such as the writ of mandamus USA , amparo Spain and Mexico , Respondeat superior Taiwan , etc[ 6 ]. The newest of these legal mechanisms is the Habeas Data. The Habeas Data writ itself has a very short history, but its origins can be traced to certain European legal mechanisms that protected individual privacy.
This cannot come as a surprise, as Europe is the birthplace of the modern Data Protection. In particular, certain German constitutional rights can be identified as the direct progenitors of the Habeas Data right.
In particular, the German Constitutional Tribunal created the right to information self-determination by interpretation of the existing rights of human dignity and personality[ 7 ]. This is a right to know what type of data is stored on manual and automatic databases about an individual, and it implies that there must be transparency on the gathering and processing of such data[ 8 ]. It has been pointed out that by the 's the right to controls the information about oneself was being extensively discussed in quite a lot of specialised legal literature, where the need of the citizens to control the information stored about them was not only an act of self defence against abuses by others, but it had become an active right against the technological handling of personal data, which created a new type of problem for the individual[ 9 ].
The purpose of the convention is to secure the privacy of the individual regarding the automated processing of personal data. To achieve this, several rights are given to the individual, including a right to access their personal data held in an automated database[ 11 ]. However, we must ask ourselves how did the first European privacy protection efforts cross the Atlantic and landed in Latin America under a new guise.
The end of the s and the beginning of the s can only be described as a very interesting period in the history of Latin America. The end of the Cold War brought a resurgence of stability and democracy to the region. The old military regimes gave way to young and vibrant democracies. These new regimes had to start from scratch in most cases, and that is why so many new Constitutions were created in this period.
That is the case of the Federal Republic of Brazil. In , the Brazilian legislature voted a new Constitution, which included a novel right never seen before: the Habeas Data individual complaint.
It is clear from the details of the new constitutional right that the framers of the Brazilian Constitution were aware of the developments and huge advancements in data protection taking place in Europe. It is unclear however why it was decided to create it in the form it took, which does not resemble any of the existing European solutions to the Data Protection problem.
The fact is that the new legal right offered a new type of privacy defence, unlike both the North American and the European types of Data Protection. In , the Brazilian Parliament enacted the Law No. It was voted to regulate certain aspects of the law offered in the Constitution, as it lacked the proper procedural and administrative guidelines.
Following the Brazilian example, Paraguay incorporated the Habeas Data right to its new Constitution in After that, many countries followed suit and adopted the new legal tool in their respective constitutions: Peru in , Argentina in , Ecuador in , and Colombia in Habeas Data is gaining momentum and moving northwards. There are projects to incorporate the new right in Guatemala, Uruguay, Venezuela and Costa Rica[ 13 ], and several important writers and political groups support the implementation of the figure both in Panama[ 14 ] and in Mexico[ 15 ].
The literal translation from Latin of Habeas Data is 'you should have the data' and it describes its nature very accurately. Habeas Data is a constitutional right granted in several countries in Latin America.
It shows variations from country to country, but in general, it is designed to protect, by means of an individual complaint presented to a constitutional court, the image, privacy, honour, information self-determination and freedom of information of a person. The importance that this figure has is stressed by the fact that it can be a mechanism available to citizens that will insure a real control over sensible personal data, stopping the abuse of such information, which will be detrimental to the individual[ 17 ].
In general, the Habeas Data complaint can be brought up by any citizen against any register to find out what information is held about his or her person. That person can request the rectification, update or even the destruction of the personal data held, it does not matter most of the times if the register is private or public. Ekmekdjian points out that all Habeas Data legislations should provide the individual with at least the following rights:. Provide access to the registers to control the personal or family data.
Provide means to remove or cancel sensible data, which may injure the individual's right to privacy, such as religion, political ideology, sexual orientation or any other potentially discriminatory information[ 18 ]. The legal nature of the individual complaint of Habeas Data is that of voluntary jurisdiction, this means that the person whose privacy is being compromised can be the only one to present it.
The Courts do not have any power to initiate the process by themselves[ 19 ]. Most of the local laws concerning Habeas Data do not differentiate whether the mechanism should be used against manual or automated databases.
It will then have to be assumed that it covers both. The efficiency of the tool as an adequate privacy protection action for the individual will be discussed in detail later. Because Habeas Data is a new figure, it is obvious that it is in constant evolution as it responds to different local situations.
The particularities from some of the countries where it has been used will be discussed next. Being the birthplace of the Habeas Data action, the Brazilian legislation is the less evolved one, and it is also the one that provides one of the poorest privacy protection tools. The Brazilian Constitution stipulates that:. It is interesting to notice that the Constitution only allows for the access to and the correction of data, not for its update or destruction. The regulatory law to the Habeas Data procedure provides the individual with the right to add an annotation to the data stored on a registry where it is stated that such data is under legal dispute[ 21 ].
This provides a novel way to inform third parties that certain personal data is under contention. The tribunal where the Habeas Data action is presented changes depending on who is it presented against, thus creating a very complicated system of venues.
Both the Brazilian constitution and the law stipulate that the court will be:. The Superior Federal Tribunal for actions against the President, both chambers of Congress and itself;.
The Superior Justice Tribunal for actions against Ministers or itself;. The regional federal judges for actions against federal authorities;. State judges for all other cases[ 22 ]. Besides this system, there are several mentions about Habeas Data in the existing military legislation in Brazil[ 23 ], mostly regarding jurisdiction issues and further confusing the already complicated system.
The Paraguay constitution follows the example set by Brazil, but enhances the protection in several ways. The Article of the Paraguayan constitution states:. He is also entitled to know how the information is being used and for what purpose. He may request a competent judge to order the updating, rectification, or destruction of these entries if they are wrong or if they are illegitimately affecting his rights'[ 24 ].
Besides giving the individual the opportunity to find out what the information is being used for and for what purpose, the Paraguayan system allows for the updating, rectification or destruction of the data. In just four years, and in another country, the Habeas Data constitutional guarantee has evolved and gained strength. This is a much better definition than the Brazilian one, and shows that the Paraguayan congressional representatives not only copied its neighbour's version, but actually did some research on the subject.
The Habeas Data version of Paraguay is also better than the Brazilian one in its procedural aspects. The constitutional chamber of the Supreme Court is the one in charge of hearing and deciding cases of Habeas Data, centralising the application of the constitutional guarantee in an existing tribunal[ 25 ].
As the previous two countries, the Habeas Data right was introduced to Peru by means of a new constitution that was enacted after a large political upheaval. The Article , section 3 of the new constitution, creates the Habeas Data. In a sense, the Peruvian constitution allows for less privacy protection than that of its predecessors, but in some other ways provides more.
It provides less protection because it does not allow for the rectification or removal of incorrect data stored on a database, such as the Paraguayan version. Nevertheless, it provides more protection because it forbids the broadcast, copying, transfer or distribution of the incorrect data.
Nevertheless, the Peruvian version of the Habeas Data right allows only for one case of rectification of inaccurate or aggravating information. The press is the only institution in all of Peru compelled to rectify such type of data according to the constitution[ 26 ]. The Peruvian Habeas Data version is also the first one that specifically mentions that the citizens have the right not to have any personal data supplied by any 'information service, automated or not'[ 27 ]. It is clear now that the Habeas Data covers both manual and automated systems.
The Peruvian Legislature enacted a regulatory law on April 18, Among several procedural provisions, the Congress decided not to apply the Habeas Data right to the press. This measure came because of various complains by human rights activists that saw this as a way to interfere with the freedom of expression rights, protected also by the constitution[ 28 ].
It can be argued that the Peruvian version of Habeas Data seems less effective and more politicised than its predecessors. It is unclear how this figure will be affected by the change of government and the end to the polemical rule of Alberto Fujimori. It does appear that the legislation was created to insure control over the press, but that function should no longer be important in a more open political environment. The Argentinean version of Habeas Data is not specifically called that.
For an unknown reason, the Argentinean legislators have merged several individual constitutional complaints under the name of amparo , which can be roughly translated as 'shelter'. The a mparo is a constitutional guarantee that exists in many other countries in Latin America and the civil system in Europe such as Spain and Portugal[ 29 ]. Whatever it is called, the Argentinean version of Habeas Data is the most complete to this date.
JILT 2001 (3) - Andres Guadamuz
JILT 2000 (1) - Andres Guadamuz
Habeas Data Law