Ingresar
Ecuador Government Agency Answers Key Questions on Data Protection and Privacy
By Robalino
The Superintendency of Personal Data Protection (SPDP) of Ecuador has issued responses to five citizen inquiries regarding the implementation of the Organic Law on Personal Data Protection (LOPDP) and its associated regulations.
Below is a summary of the SPDP's decisions on each inquiry:
Inquiry 01-2024: Recognition of Best Practices under the LOPDP
The LOPDP includes provisions for recognizing data controllers and processors who comply with the law. A question was raised about the requirements for receiving this recognition and its implications on penalties.
SPDP Response:
The SPDP acknowledges the provision for best practices recognition but notes that there is currently no formal certification process in place. As a result, the SPDP cannot provide specific details on how such recognition will be granted.
Inquiry 02-2024: Verification of Compliance with Data Protection Officer (DPO) Appointment
Article 48 of the LOPDP outlines the situations where a Data Protection Officer (DPO) must be appointed. A question was asked about the SPDP’s procedures for verifying compliance with this requirement.
SPDP Response:
While the LOPDP requires the appointment of a DPO, the SPDP reveals that a formal compliance verification process has not yet been developed. The SPDP is still in the early stages of creating the necessary regulatory frameworks to ensure compliance and protect data subjects' rights effectively.
Inquiry 03-2024: Use of Biometric Data in Legal Representative Appointments
For legal representative appointments and powers of attorney for companies, biometric data such as fingerprints are required for identity verification. The inquiry questioned whether this practice violates the right to personal data protection under Article 66, Section 19 of the Constitution.
SPDP Response:
The SPDP deems the use of biometric data (fingerprints) in this context excessive. It concludes that an individual’s identity can be verified adequately with just their identification number, making the fingerprint requirement unnecessary.
Inquiry 04-2024: Data Processing in the Traceability of Implant Cards
Implant cards, which are used for tracking patients with implantable medical devices, contain health-related data. The inquiry sought clarification on how healthcare institutions, manufacturers, and record holders should process data related to these cards.
SPDP Response:
The SPDP mandates that all parties involved must follow Resolution No. ARCSA-DE-2023-016-AKRG. This resolution requires obtaining data subject consent and processing only the personal data specified in Article 32. It also stresses the importance of implementing control measures to ensure data protection, with data being stored securely and deleted once no longer needed.
Inquiry 05-2024: Access to Notarial Documents by Third Parties
Notaries have access to personal data in documents they authenticate. Article 40 of the Notarial Law allows anyone to request copies of notarial deeds, but a question arose about whether third parties need a contract with the data subject to access these documents.
SPDP Response:
The SPDP clarifies that any individual can request copies of notarial deeds under Article 40 of the Notarial Law without needing a contract with the data subject. However, the SPDP recommends that notaries obtain consent from the data subject when providing notarial services and take steps to protect sensitive personal data by anonymizing unnecessary details in the documents.
For advisory services regarding the implementation of the Law, please contact our team of experts:
Pedro Córdova Balda, pcórdova@robalinolaw.com
María Paula Arellano, mparellano@robalinolaw.com
Gabriela Holguín, gholguin@robalinolaw.com
Robalino
Robalino: Innovation and Excellence in Ecuador
Robalino stands out in the Ecuadorian legal advisory landscape as a pioneering firm in merging legal services with consulting. With a disruptive approach and a forward-thinking vision, the firm has quickly positioned itself as a strategic ally for businesses of all sizes and sectors, serving a broad range of clients, from startups to large multinational corporations.
What sets Robalino apart?
Continuous Innovation: Robalino goes beyond traditional legal services. Through continuous innovation, it explores areas typically outside the legal sector, such as social impact financial agreements and personal data protection from a technological standpoint, demonstrating adaptability in a changing world.
Comprehensive Expertise: The firm offers a full spectrum of legal services, from advising on the protection of intangibles to compliance and defense regarding clients’ assets. Its multidisciplinary team ensures personalized and effective solutions.
Client Focus: Robalino supports its clients at every stage of their development, providing strategic advice and protecting their most valuable assets, both tangible and intangible.
Global Perspective: With strong expertise in international transactions, Robalino has established itself as a reference on the global stage, advising companies on operations beyond Ecuador’s borders.
Our Key Strengths
Protection of Intangible Assets: Robalino is the ideal partner for companies seeking to properly register and protect their trademarks, patents, industrial designs, and other intangible assets.
Strategic Advisory: Robalino offers a strategic approach, enabling clients to make informed decisions and optimize their operations from both a legal and business consulting perspective.
Innovation and Adaptation: The firm stays at the forefront of current trends, offering innovative solutions tailored to each client's specific needs.
Robalino provides exceptional advisory services. Its commitment to excellence, innovation, and client satisfaction has established it as a market leader in Ecuador. The firm is also recognized internationally.