The organic law on the protection of personal data enters into force on May 26. A norm that synchronizes constitutional principles of law and justice with digital principles of security and privacy, in order to develop social interactions in the digital environment based on legitimacy and trust.

The protection of personal data is a human right associated with digital citizenship, which stems from the state’s obligation to guarantee universal access to information and communication technologies and to simultaneously protect and defend the privacy of individuals, as an essential element of their dignity and security. For his part, the citizen, on the basis of his own self-determination, freely and informedly approves or consents to the use and processing of his personal data, with the standards of confidentiality, availability and integrity, to third parties, whether public or private entities.

“Don’t just reject a call or block a message from a company you’re not a customer of”: you can claim compensation for misuse of personal data in Ecuador

From the institutional dimension, the law places special emphasis on the proactive responsibility of self-regulation, which promotes the development of codes of conduct on privacy policies by sectors, industries, companies or organizations whose purpose is to comply with the law and have the authority to approve and control. Additionally, it foresees support in certification entities that issue seals for the protection of personal data, conduct specialized audits and certify the processes of international transfer of personal data; measures that will allow companies to structurally integrate this regulation into their management practices and avoid the risks of sanctions, which provide for fines between 0.1% and 0.7% calculated on the volume of business corresponding to the financial year before the imposition of sanctions.

‘I’m getting emails about overdue debts from people I don’t know’: Mishandling of personal data extends to debt collection firms in Ecuador

Both personal consent and institutional self-regulation strengthen the interdependence of the state and the citizen in order to protect and defend the security of personal data against risks or threats of malicious handling of them. According to the Inter-American Development Bank, “during the first semester of 2022, the region suffered 137,000 million attempted cyber attacks, an increase of 50% compared to 2021; where Mexico is the most attacked country, followed by Brazil and Colombia”. In the case of Ecuador, the police’s cybercrime unit is reporting a 35% annual increase in digital crimes, with the most common being fraud, embezzlement by electronic means, and breach of privacy.

With the rapid growth of the digital economy and technological development, these types of laws are born with the risk of quickly becoming obsolete. Agility and sensitivity to the needs of citizens requires the design of public policy that is continuously subject to progressive levels of demand, which guarantees digital governance in accordance with the speed and scope of technological innovation, which will allow regulations to be consolidated in the digital culture of citizens and, at the same time, integrate more effectively international standards. (OR)