To angie jijonholder of the National Directorate of Public Registries (Dinarp), there has been evidence of a commitment by part of the business community to protect the personal data of its users. It affirms that it has verified investments in technology and organizational measures as a result of the approval of the Organic Law for the Protection of Personal Data (LOPDP) in May 2021. It indicates that the delay in the election of the Data Superintendent will not affect or delay the application of the sanctioning measures that will apply from May 2023.
However, he acknowledges that there is a perception among citizens that the regulations have not been of much use, since their data continues to be shared with entities of which they are not clients, receive calls, text messages or WhatsApp to offer them services.
“I changed my number twice, but companies that offer services get it”: sanctions for mishandling of data will come into force in May 2023
A year and a half has passed since the approval of the LOPDP. How do you assess the adaptation of companies and citizens to the regulations?
Since the law was promulgated on May 26, 2021, we have started a training campaign at the society level of what the Data Protection Law is. It has been addressed first to the public sector and then to the private sector in the sense that we have made approaches and training workshops with chambers such as the Canadian-Ecuadorian, with Innova in human talent.
I have seen that many of the companies are very interested in implementing data protection measures, they are working on their systems to achieve that, since the application of the law (sanctions begin to apply) will take place in May 2023.
What we want from the Government is that it is not taken as a law to be sanctioned from May, but that we want to advise, protect the information, which is a very important asset, and in this the Dinarp has done a pretty good job because it has approached all sectors in this regard.
In fact, the practices that have been implemented to have cybersecurity measures have grown in the country. When this government began, the measures were at 26%, which was very low, and they have risen in this year and a half to 35% globally. Normally a country grows by 2%.
But 35% of the total number of companies, which is above 100,000, suggests that there is still a lot to improve and implement, understanding that all companies handle data, the difference lies in their volume.
The law obliges companies from May 2023 to implement systems. That is why I understand the two years that were given for all these companies to make an economic program to be able to acquire systems for the protection of this data and for the creation of their own policies for the protection of this information.
Almost a year after the approval of the Data Protection Law, Ecuador still does not have its superintendent
It must be understood that it is a change of mentality in the way in which work was done in Ecuador, where people thought that everything belongs to everyone. The protection of information is basic for the cybernetic, digital world. That is why the law was issued and that it joins all the practices that are implemented in other countries to have a greater flow of communication and commercialization. I believe that companies are making their efforts to implement this type of policy.
However, the majority of citizens do not know the rule and if they do, they feel that the law has not benefited. In fact, they complain that their personal data continues to be shared, that they receive calls or messages from companies that they are not customers of.
The implementation of the law has only just come into force since May 2023. After that date, citizens will be able to feel the change that is going to take place in the institutions. On the other hand, citizens have access, through our website and social networks, we have posted all the information that has to do with the law.
In addition, let us remember that the Comprehensive Organic Criminal Code (COIP) classifies the sale of databases as a crime and anyone who feels injured can go to the Prosecutor’s Office and file a complaint about this type of action. The criminal part has been active since 2014.
“I get emails from overdue debts from people I don’t know”: mishandling of personal data extends to collection companies in Ecuador
The administrative part is the one that will come into force when the LOPDP begins to take effect in May 2023. At the time, there will be the authority of the Superintendency for the Protection of Personal Data that will monitor companies that do not comply with the law. .
But we do not see an empowerment of the citizen with their data, very few raise legal actions for the misuse of personal information. Most are left to reject the call or block the message. What is missing to drive this?
That citizens have a little more interest, since there is a lack of motivation in preparing, in knowing, perhaps because they are busy in other types of situations. The Data Protection Law is simply respect for the other, respect for the third party. We have to understand that people own their information and we have to respect this.
Ecuador has to work hard on respect. For this reason, I will meet with the Ministry of Education to hold talks at the secondary level so that students are aware of this.
This is a mindset shift. We have to learn to respect because we believe that everything that is on social networks, on open pages, is ours and it is not. I am the owner of my data, I know who I give it to and I know who I give the data to so they can use it for something and I have to enforce my rights.
Since the law exists, in the year 2021, the person has already protected their right to demand compensation for damages if someone misused their data.
The appointment of the Superintendent of Personal Data is overdue. It was expected to be this end of the year, but that was ruled out and it is intended to be done in the first semester of 2023. There are no regulations for the application of the law either. Will these delays affect the application of the standard?
There are still six months for the application of the law and we understand that the creation of the new data protection authority will be enabled within the time mandated by law. The Government is working on that and I believe that the Citizen Participation Council will fulfill its role. There is already a regulation to choose the superintendent. So I think that within six months he will be appointed.
Regarding the regulations, I can tell you that it was a great job that we did at Dinarp in conjunction with the Ministry of Telecommunications and helped with international cooperation, we socialized with the academy, with all the interested parties. We delivered the regulation to the Legal Secretariat at the beginning of this year and I understand that it is being reviewed to issue within these six months left for the implementation of the law.
But structuring a superintendency from scratch, I think it will take considerable time and with the deadline for sanctions hurried, the job will be complex for the new official.
It will be structured. The Government is working on that and the superintendent will be able to structure the superintendency and, above all, there will be the resources to implement it. (YO)
Source: Eluniverso
Paul is a talented author and journalist with a passion for entertainment and general news. He currently works as a writer at the 247 News Agency, where he has established herself as a respected voice in the industry.
