Since last May 26, companies can be sanctioned for not applying the provisions of the Personal Data Protection Act, such as having the owner’s permission to manage their data on their platforms.

But after a little more than a week from that date, what does this mean for the customer-consumer of the service? Several of our columnists are calling.

For Marija Fernanda Koboanalyst of economic and business issues, the free and informed consent that users give to companies for the management of their personal data must be understood as the exercise of rights that guarantee three fundamental conditions in the management of personal data: confidentiality, integrity and availability of information.

“Under no circumstances (authorization) should be interpreted as a condition for providing or not providing a service, but as a protection that companies are obliged to integrate into the management, control and processing of their clients’ personal data. This safeguard enables the development of a shared responsibility between users and companies to create safe and reliable digital environments that protect the privacy and identity of their customers,” says Cobo, who adds that, during the transition to full compliance with the law, companies must be very agile and proactive in explaining the law, its benefits and scope to our clients in order to integrate them into our digital culture: “Understanding our personal data as a heritage that we must protect”.

While German creamalso a business affairs analyst, sees important value in this law so that people can access and control their data at different times or request changes or cancellation of that data, especially in matters not related to the contracted service.

“(The law) also requires professional processing of personal data and avoiding their incorrect handling. A reference I’ve made in the past is to the fact that large tech companies offer computing services to their customers, but capture their personal information to use in marketing campaigns. Marketing or sales. This new law obliges companies to negotiate and report these decisions to customers instead of how they are made: arbitrarily, without the customer knowing how personal data is being handled. These changes will require important changes in businesses to ensure they are able to meet the legal requirements set out in this new law protecting customer data,” says Creamer.

Where can I file a complaint if I believe that my personal data has been violated?

Legal expert Andres Ortiz Herbener reminds that since the entry into force of the current Constitution (2008), everyone has the right to know about the existence of and access to documents, genetic data, banks or collections of personal data and reports about themselves or their assets that are kept in public legal entities or privately, in physical or electronic support. For this reason, in order to regulate this constitutional norm, the Organic Law on the Protection of Personal Data (2021) was issued and two years were given for the application of the issue of sanctions.

“It is also necessary to say that one of the main principles governing this law is the principle of loyalty; This means that the ways in which their data is processed or will be processed (…) must be left to the holders. To this end, it is recommended to carefully read the type of consent we give to these database operators, because, although they do so to avoid further fines and sanctions, the truth is that very few of us actually read what we are authorizing. Therefore, it is advisable to go to a lawyer who knows the matter, so that he can advise you in the best possible way on this matter,” says Ortiz.

Companies are bound by the Personal Data Protection Act, which establishes legitimate treatment, proves that it is for related purposes or complementary services and has consent (Articles 7, 8 and 9), but users also acquire the right to know what your data they have, request corrections, deletion or oppose the processing of your data (Articles 12 to 20).

In an interview for this newspaper, the expert Diego Bassante, Ecuadorian and IBM head of government and regulatory affairs in the regionHe said that the state is a decade late on this matter, but that it is healthy that we already have this law, because in the current economy it is necessary and inevitable; and we are all affected, so it is important to have and know ARCO rights (access, correction, cancellation and opposition to personal data).

In the near future, it would be optimal for companies to allow authorizations by segments, rather than by the entire block of conditions, according to analysts. (OR)