Habeas data

The habeas data (from Latin: 'to have data present') is a jurisdictional action proper to law, usually constitutional, that confirms the right of any natural or legal person to request and obtain existing information about him, and to request its elimination or correction if it is false or outdated.

This right applies to information stored in records or data banks of all kinds, whether in public or private institutions, and in computer records or not. The right habeas data can also cover the concept of the right to be forgotten, that is, the right to delete information that is considered obsolete over time and has lost its usefulness. In more specific terms, habeas data is an action that any citizen can take when his data is not valid, some debt is not real, etc.

This right has been expanding and began to be regulated both by habeas data laws and by personal data protection regulations, which usually have a procedural chapter describing the object of the action of habeas data, passive and active legitimation, and evidence and sentence. Control agencies have also been entrusted with monitoring the application of these habeas data rules. In various countries, such as Colombia, Argentina, Spain, France, Germany, Canada, the United States, Belgium, Uruguay, among others, there are control bodies whose mission is to supervise the processing of personal data by companies and public institutions. A declaration of personal files is also usually required to generate transparency about their existence.

Aspects of habeas data

Access to public information

The right of access to public information arises from the right to information in general. The right of access to public information is then a perfect subjective right, so that a request made in this sense generates an obligation of the State to provide the requested information, except for some legal exceptions.

The right of access to public information arises from the need for transparency and as a democratic requirement. Transparency, it has been said, has a triple purpose: the right to know, the right to control and the right to be an actor (and not just a spectator) in public life.

In daily life, people generate more and more information, both in the private and public spheres. This information is stored, in different ways, in the institutions with which we interact: companies, educational institutes, banks, public bodies. The culture of transparency facilitates the flow of information, contemplating the right of all citizens to obtain it. The exercise of the right to obtain public information generates many advantages: the quality of democracy improves, administrative management is more transparent, we perceive greater institutional effectiveness and we trust more in a State that is at our service.

The right of access to public information is based on several principles, namely:

1. Freedom of information: We all have the right to access public information, with the sole exception of that classified as reserved, confidential and secret as provided by law.
2. Maximum advertising: Public agencies should provide information as broadly as possible when exceptions are excluded only.
3. Divisibility of information: If a document has information that can be known and information that should be denied, the first document will be accessed and not the second.
4. Absence of ritualisms: The procedures established for access to public information should eliminate the demands and ritualisms that hinder or prevent the exercise of the right.
5. Non-discrimination: Public agencies should provide information to those who request it without discrimination of any kind.
6. Opportunity: Public agencies should provide the response of the requests received in time and form, in compliance with the deadlines set by law.
7. Responsibility: In the event of non-compliance, public agencies are liable and are liable to the appropriate penalties under the law.
8. Gratuity: Access to public information is free, with the exception of reproduction costs where applicable.

The protection of personal data

This notion of protection of personal data constitutes a fourth generation Fundamental Human Right, strongly linked to growing globalization, the rapid advance of new technologies and the democratization of access to information. This guarantee is not intended to go against the use and development of new technologies, but against their incorrect use when it violates certain rights inherent to human quality. The existence of this Institute of Habeas Data is not contrary to that of public or private information registries, but is intended to be an effective tool that ensures the veracity of its contents. In this sense, the United Nations Covenant on Civil and Political Rights provides in its article 17 'No one shall be the object of arbitrary or illegal interference with his honor or his reputation. Everyone has the right to the protection of the law against such interference or attacks. For its part, the Pact of San José de Costa Rica adds that every person has the right to recognition of their dignity. No one can be the object of illegal attacks on his private life, his family, his home or his correspondence. More precisely, Article 14 provides that "Any person affected by inaccurate or offending information issued to his detriment and addressed to the general public has the right to rectify or respond." The right to inform and to be informed is recognized, but also respect for the personal sphere and their family, social, and professional environment is inherent to every individual. This guardianship comprises two dimensions. A forecast of not carrying out a certain conduct, prohibiting the intrusion of third parties in the private sphere of the subject. To this end, the processing of personal data that reveals racial or ethnic origin, political opinions, religious or philosophical convictions, trade union affiliation and data related to the health or sexuality of the individual is prohibited. In addition, a positive dimension, which includes the possibility of having and controlling the data that concerns him. This power to know the content of the records, who has said information and what use it gives, includes the power to oppose that possession and use of the data, being able to require that they be rectified or canceled if they are not a true reflection of reality. All this notwithstanding the possible responsibilities for the damages produced.

The affectation of Human Rights such as the right to privacy, intimacy, dignity, will depend on the use to which the databases are submitted. Thus, the processing of personal data must be adjusted to certain rules, with the owner having actions that operate fully guaranteed for their protection in cases of involvement. In this way, the protection of the right to privacy of individuals is pursued. Well, as Professor Dr. Carlos Delpiazzo states, "in the face of the computing power of those who can accumulate information about each person in unlimited quantities, memorize it, use it and transfer it as merchandise, the right to privacy is configured as a new form of personal freedom'. It is therefore imperative to ensure that all individuals take advantage of the benefits implied by new technologies, particularly information and communication technologies, always in accordance with the observance of the exercise of human rights as a guiding factor for their implementation. development.

Concurrence of the right of access to information and the right to protection of personal data

It is from the recognition of the right of access to public information that collisions with other legally protected interests are generated, in particular with the fundamental human right of protection of personal data. That is why the need to seek a balance that attends to and contemplates both. This harmonization will mean that if the exercise of the right of access to information implies an affectation of the personal sphere of a subject, the purpose pursued by that one must give up its place in front of that limit, in order to protect the content of the right that ensures the privacy of people. For its part, the confidentiality of personal data does not affect the subjective essence that the right to information pursues. All fundamental rights are primordial, they demand respect, protection and are communicated within a complete system, where they are interrelated depending on each other and in which it is sometimes necessary to take precedence over another. This subordination is never absolute and does not imply that the right is defeated, but that in the consideration another appears as more significant and gains strength based on its greater weight at the time of basing the decision on the choice of both.

Electronic access of citizens to Public Services

It is the right of every citizen to interact with public administrations by computer means. It is about the possibility of the individual to carry out by electronic means (telematics) paperwork and procedures, except those where the regulations establish limitations on access to information.

Implementation in different countries

Argentina

The National Constitution establishes in its article 43:

Any person may lodge this action to learn about the data referred to therein and its purpose, contained in public data registers or banks, or private ones intended to provide reports, and in case of falsehood or discrimination, to demand the deletion, rectification, confidentiality or updating of such data. The secret of journalistic information sources cannot be affected.

Habeas data is regulated by the personal data protection law enacted in the year 2000 and by various subnational laws.

Columbia

The regulatory framework of Habeas Data in Colombia has been gradually consolidated since the incorporation of its recognition in the 1991 Constitution, in four clearly identified phases.

First, national jurisprudence, above all that arising from the body of constitutional closure such as the Constitutional Court. Then, a second phase with the appearance of special rules, Law 1266 of 2008 for financial information, which arises from the penal regulations of computer crimes enshrined in Law 1273 of 2009. A third phase with the development of the general regulation of personal data of natural persons with Law 1581 of 2012. And a fourth phase of administrative regulation, with the implementation of the registration system of personal databases or file registration (RNBD) before the Superintendency of Industry and Trade.

Uruguay

The Right of Access to Public Information is enshrined in the Constitution of Uruguay. The Law that regulates access to the right of all citizens to Public information is Law No. 18,381, which was promulgated on October 17, 2008 and regulated by Decree 232/2010.

Establishes the right to:

• Request information from all public bodies, whether state or not
• Receive complete, truthful information within twenty working days of the application.
• Access to all public information, except the secret and the classified as confidential or reserved in accordance with the law
• Free access to public information
• To obtain permanent information through the websites of public agencies
• Respond to justice if access to information is denied
• Complain to the Public Information Access Unit any violation of the law by a Public Agency

Regulations

Constitutions

• Argentina.
• Bolivia.
• Brazil.
• Colombia.
• Ecuador.
• Nicaraguan Constitution.
• Spain (art. 18).
• Honduras.
• Panama.
• Mexico.
• Paraguay.
• Peru.
• Dominican Republic.
• Uruguay.
• Venezuela.

Laws

• Argentina: Law 25.326 - Protection of Personal Data (October 2000)
  • Law 1.845 Autonomous City of Buenos Aires http://www.gob.gba.gov.ar/legislation/legislation/l-14214.html
  • Law 7447 Province of San Juan
  • Law 3246 Province of Río Negro
  • Law 4360 Province of Chaco
  • Law 4244 Province of Chubut
• Bolivia Law 2631 Art. 23, reformed in 2004 - Political Constitution of the State Arts. 103 and 131
• Chile (art. 12,628)
• Colombia Decree 1377 of 2013 Partly regulating Law 1581 of 2012.
• Spain: Organic Law 3/2018 on Protection of Personal Data and guarantee of digital rights.
• Mexico
• Nicaragua Law on Access to Information, Law on Protection of Personal Data and its Regulatory Decree
• Panama Law 6 of 22 January 2002.
• Paraguay Article 135 of the National Constitution
• Peru Code of Constitutional Procedure Art I al X, 61 to 65; Organic Law of the Constitutional Court; Law 29733 Protection of Personal Data; Law 26470; Law 27806 Art 1-11; and Law 27444 Art I, 131 to 134.
• Uruguay: Acts 18,331 and 18,381 of August and November 2008 respectively.
• Guatemala: Law on Access to Public Information, Decree 57-2008.

Jurisprudential recognition

• Spain: Decision 292/2000 of 30 November of the Constitutional Court, which recognizes the right to data protection as an autonomous right to privacy.

• El Salvador: in 2004, it was recognized, for the first time and through the Supreme Court of Justice, as the fundamental right of all Salvadorans to protect data or self-determination information, derived from a constitutional amparo process that the lawyer Boris Rubén Solórzano filed against a company dedicated to the collection and marketing of credit information, DICOM. For now, the figure of habeas data can only be analyzed by the same Supreme Court of Justice, as there is no special law governing data protection in El Salvador. Currently the lawyer Boris Solórzano is president of the Salvadoran Association for the Protection of Data and Internet, INDATA of El Salvador. The President of INDATA, Lic. Boris Solórzano, presents on December 10, 2007 -International Day of Human Rights - a lawsuit in the Supreme Court of Justice of El Salvador against the company Infornet S.A. de C.V. for marketing with 4 million personal data of Salvadorans without any control and without the consent of the holders, violating the right to the protection of data of all those Salvadorans, fundamental right already recognized by the jurisprudence of the same court, This demand used Argentina's jurisprudence of the Users' Union versus Citibank, where it was recognized that a consumer association was entitled to represent collective interests of those affected. On March 5, 2011, the Supreme Court of Justice gave the reason to INDATA and condemned Infornet for violating the right to data protection or informational self-determination of Salvadorans in its database for commercial purposes. In addition, it prohibits you from selling your personal data without the consent of the holder. Amparo 934-2007. www.csj.gob.sv
• Argentina: The Commercial Chamber in the case "Union of Users v. Citibank" condemned the financial entity for sharing data with third parties without permission and declared the active legitimation of a consumer association to sue via habeas data.