Friday, 7 October 2011

Dealing with data protection: the Habeas Data right

Yesterday the Colombian Constitutional Court endorsed the ‘Habeas Data’ (‘you should have the data’) right to become law. Habeas Data, as the term implies, grants individuals a constitutional right designed “to protect, by means of an individual complaint presented to a constitutional court, the image, privacy, honour, information self-determination and freedom of information of a person.” In other words, it gives individuals the tools to update or correct personal information stored in the databases and archives of public and private entities.

The presiding Judge, Hon. Juan Carlos Henao, explained that previously Habeas Data applied to the databases of financial institutions regarding people's credit reports. Now, the new law extends it to other entities that handle databases, such as health centres, public utilities, educational institutions and public offices.

Among the limits it imposes, the law will require holders of databases to give notice to the owner of the data if information is to be provided to third parties, and to have authorization to do so. They will also have a duty to inform individuals of, as well as to be informed as to, how the information is going to be used.

This is superb news: they are taking data protection pretty seriously. Through Habeas Data they are giving individuals the power to request the rectification, update or even destruction of personal data held in any database.


tatabánya nyelviskola said...

"Habeus Data"...that expression was new for me. cool anyways:)

Jorge E. Gómez said...

How can this law be put into practice by citizens? Do I have a right to just approach any entity (or is it only State entities?) and ask what information they have about me? Or can this only be used to demand they correct or destroy information?

Patricia Covarrubia said...

Dear commentators:
The term ‘habeas data’ (yes, it sounds cool!) is used in several Latin American countries and is (more or less) equivalent to what is known in Europe as data [privacy] protection. For example, Brazil, Paraguay, Argentina, Ecuador and Colombia include this ‘privacy right’ in their Constitutions. However, as expected, it varies from country to country, but in the end it seeks to protect the privacy of an individual.
In practice: according to the information, it appears that the data must be in the possession of state (public) or private institutions – financial institutions can be either and this law is an extension to the latter, but I guess we need to wait for a case in that regard. If we look at the set of examples given: education, health centres, public utilities, educational institutions and public offices, we know that many of these bodies are ‘private’ in our Latin American countries. On the contrary, if the text were written in Europe it would be inclined to cover just ‘bodies of the State’ because all those mentioned are an ‘emanation of the State’ even if privatized (Foster case).
The other point raised is that in addition to the ‘correction and/or destruction’ of the data, an individual can ask how the information (data) is being used and its purpose and, moreover, the data holders will need an authorization from the individual to do certain things with the data held.
Will it work? I think that it is a good start, but we know as a matter of fact that ‘offices’ in Latin America are often too short-staffed and overworked to be willing to help, in a friendly manner, each individual who approaches the desk and asks: ‘Can I see the info that you have about myself?’. So, let’s wait and see how it will work.