Today, companies around the world collect and process a large amount of information composed of diverse data. As explained in the famous publication ‘The Economist‘, personal data is now the most valued global resource, more than oil and gas. Companies that have access to data, simply put, have power. This access can allow companies to become more competitive, gain an advantage in the market, boost their operations amongst other advantages.
In turn, the proper use of information by customers, clients, suppliers, and employees can help companies improve internal processes, optimize working conditions and design and create better services and products.
Currently, an important part of a company’s assets is the information it possesses. Information and data is a key asset that can give companies a tremendous market advantage.
Table of Contents
Ecuador Data Protection Law – Legislative Background
The regulation on personal data protection has been in development for many years. As of April 2018, the legislation took on particular relevance when the European General Data Protection Regulation (GDPR) was implemented. This regulation not only applies inside Europe but also addresses the export of personal data outside the EU, meaning that it has a global effect.
Almost a year later, and with the world still embracing the new privacy standards of European nations, many countries around the world have followed in the footsteps of the European Union and created new data protection laws. Some examples include India, the State of California and Brazil.
Ecuador has decided to follow suit which will generate implications for the commercial activities of companies that currently operate in Ecuador, or those that are about to join the local market.
Since 2008, The Constitution of Ecuador recognizes the right to protect personal data. However, this right does not contain specific regulation that extends to data protection. Thus, the initiative of creating legislation on this sensitive matter is necessary for the future development of the region.
Draft Law for Personal Data Protection
On Wednesday, January 16th, 2019, the National Directorate for the Registration of Public Data (DINARDAP), an Ecuadorian public entity attached to the Ministry of Telecommunications, presented the first law of personal data protection of Ecuador to the public. For the best construction and most transparent method to roll-out the legislative changes, the presentation was made within the framework of participatory dialogue – civil society, academia, representatives of the public and private sector and experts in the field were present. This approach demonstrates the governments drive to make the regulatory changes in the field of data privacy transparent and inclusive for all.
DINARDAP, the entity in charge of the drafting of this law, has been working on the law since late 2017. Nevertheless, for the moment, it is only a concept. This document has not been included the formal legislative approval procedure and it is expected that this law will be implemented in approximately 12 months.
One of the relevant aspects of the legal concept draft is the determination of new guiding principles. Furthermore, it is expected to contain new rights for citizens regarding the use of their data and effective interaction mechanisms with companies that process personal data. Likewise, the law will contemplate the determination of an entity to control and bare responsibility for the fulfillment of the legal obligations, and rights contained in the law.
Additionally, the law contemplates a specific sanction regime with fines applied and regulated according to the income level of the company that is in charge of processing personal data.
In general terms, the objective of the proposed law is to create a safer destination for the treatment of personal data and a territory where its national or foreign citizens have the conviction that their data is safe and protected.
International Data Transfers and Foreign Investment
In general terms, international data transfers can involve the flow of personal data from territories or states where data protection regulations are enforced to areas with looser laws and legislation.
International data transfers are, in our globalized society, a key element for the provision of services. These transfers correspond to a strategic activity that is important for companies growth and development. Hence, working in a country that guarantees data privacy becomes one of the key factors in the decision to incorporate a company to undertake service-related business activities.
The general principle of international data transfer determines that only international transfers of data will be made to a country and/or international organization if they comply with the provisions established in their national regulations. In addition, the level of protection of the rights and freedoms of natural persons should not be impaired.
In this sense, an international data transfer is made when a country has decided that a third country or international organization guarantees an adequate level of data/information protection. In this sense, a key factor is to determine whether a country has an adequate level of privacy for international data transfers.
For all the above considerations, it is important to note that Ecuador should be considered a suitable destination for investment, given that the government has already begun the process of rolling out data protection legislation. Once the law is effective, foreign companies can trust that Ecuador is a jurisdiction dedicated to the protection of data, and will have an adequate regulatory framework to ensure this.
Need More Information?
In addition to the drive to ensure data protection, Ecuador is an exciting commercial jurisdiction for investment. The government is pro-investment and the country uses the US dollar as the national currency, which has brought renewed economic stability and mitigates currency fluctuations when operating.
The information provided here within should not be construed as formal guidance or advice. Please consult a professional for your specific situation. Information provided is for informative purposes only and may not capture all pertinent laws, standards, and best practices. The regulatory landscape is continually evolving; information mentioned may be outdated and/or could undergo changes. The interpretations presented are not official. Some sections are based on the interpretations or views of relevant authorities, but we cannot ensure that these perspectives will be supported in all professional settings.