A few years ago, Law No. 172-13 was enacted in the Dominican Republic, which aims at the comprehensive protection of personal data recorded in files, public registers, data banks, or other technical means of data processing intended to give reports, be these public or private.
The main purpose of this law is to establish the legal framework of the rights and obligations relating to the processing of personal data of citizens by those responsible and in charge of files.
By the way, the tagline "intended to give reports, whether public or private" included at the end of the title of the law is irrelevant for the purposes of illegitimate treatment. It suggests that the scope only covers data processed for reporting purposes and this is incorrect. The storage of biometric records, the unauthorized reproduction of audiovisuals with sensitive data, or the international transfer of financial information are examples of treatment that do not involve the issuance of a report, but nevertheless, it is necessary to configure the legal regime for the protection of these procedures.
In terms of data protection, the European Union is the one who takes the lead and determines what are the parameters for the treatment of citizens' data to be legitimate worldwide. Judgments such as that of the Court of Justice of the European Union of May 13, 2014 regarding the case Google Inc. against AEPD and Mario Costeja that gave rise to the concept "Right to be forgotten" is a sign of the maturity of the European market in terms of Data Protection.
We live in a world connected through information networks and it is necessary that there be uniformity in the legal criteria for data protection, specifically those related to international transfers of personal data to guarantee similar legal protection between different States.
After the promulgation of the General Data Protection Regulation in 2018, legal protection, control of personal data is increased and greater pro-activity is required on the part of those responsible for the processing. Many companies worldwide find it necessary to change the way they acquire, store and transfer personal data, especially when there was an international transfer or treatment of sensitive data.
The RGPD places limitations on companies that store, handle or transfer personal data of European citizens with States that do not offer the necessary guarantees or legal obligations comparable to those of the regulation.
This has forced many countries to adopt similar regulations, coordinating their national legislation with the RGPD, as is the case with the recently approved Brazilian Data Protection Law or the California Consumer Privacy Act (CCPA). Both laws follow the European Data Protection Model, which allows greater uniformity of legal criteria, rights, and obligations between different States, guaranteeing greater custody of the privacy of citizens.
Inclusion of new rights: portability and limitation of data.
Law No. 172-13 establishes that Dominican citizens have four fundamental rights regarding the protection of their personal data; These are Access, Rectification, Cancellation, and Opposition of personal data.
These rights were transcribed from the repealed Organic Law 15/1999, of December 13, on the Protection of Personal Data in Spain, which contemplated these same guarantees (also known as ARCO Rights by its initials). However, with the entry into force of the RGPD, the Dominican legislation was outdated by not including rights recently incorporated with the new regulation such as Portability and Data Limitation.
The limitation of personal data refers to the right that people have to restrict or block the use of information for the purposes of, for example, deleting sensitive information published on a web page or preventing other users from accessing certain data, provided that predefined requirements are met.
On the other hand, data portability is a power that allows citizens to demand the transfer of their data in a structured way from one company to another without the intervention of the interested party, provided that certain requirements are met and when technically it may be possible.
Administrative procedure for the exercise of rights
The exercise of personal data protection rights should not be done through the courts unless there is a recurrent refusal by the person responsible for the illegitimate data processing to comply with the request made by the interested party.
The purpose of legal action such as Habeas Data is to restrict the spread of illegitimately acquired data and ultimately to limit or suppress the use of such information. When a court is seized to hear this matter, there is a possibility that the information may be leaked.
In the most advanced countries in terms of personal data protection, citizens have the power to file these requirements for the exercise of their rights by administrative means, either through an agency such as the Spanish Agency for Data Protection or address state, such as the General Directorate of Personal Data Protection of Peru.
Having a specific administrative entity for the protection of data would allow greater speed in the resolution of complaints, more discretion when creating resolutions and directives on the protection of privacy, as well as greater diligence in the prosecution and sanction of treatments illegitimate personal data or violations of the privacy of citizens.
With a reform to the data protection framework, greater protection can be guaranteed by incorporating new rights such as portability or data limitation, establishing more efficient administrative procedures for the exercise of rights following the European Data Protection Model, creating a government entity to establish directives on data protection as well as the receipt of complaints through administrative channels and a system of sanctions for those responsible for illegal data processing.
Reforming the personal data protection regulations in the Dominican Republic, adapting it to the European Data Protection Model established with the RGPD, would lay the foundations for the creation of a legal framework that would allow legislation on data storage in Blockchains, Digital Assets (Cryptocurrencies) and Decentralized Finance.
This article was originally written in Spanish by Ivar Cifré Molina, a lawyer who is specialized in New Technologies, E-Commerce, Data Protection, and Blockchain. He is the Founder of JURISPIXEL, a legal consultancy for technology startups and entrepreneurs located in Madrid, Spain. He writes articles on tech law for the Spanish legal magazine A Definitivas. Also, he is the creator and developer of a security app for Android called lockIO.
Follow on Twitter or Instagram @ivarcifre
Follow Us
🐦 Twitter: @kryptonodes
📷 Instagram: @kryptonodes
for more Memes, Promo Codes, Referrals, and Airdrops!
⬇️ GET FREE CRYPTO! ⬇️
• Save 10% every time you buy or sell crypto - Binance
• Up to $1,000 USD worth of crypto in 90 days GUARANTEED - StormX
• Earn Ethereum just for reading articles! - Publish0x
• Get $10 when you register and deposit $100 - Coinbase
• Receive €5 when you open an account - N26
• Earn $59 worth of $COMP - Coinbase
• Receive $5 worth of BTC as a Welcome Bonus - HoneyGain
• The easiest way to earn FREE CRYPTO - QuiCrypto
• Simplest way to mine Bitcoin from home - HoneyMiner
• Earn Cashbacks in Bitcoin when you shop online from major e-commerces - Lolli
