On May 22, the personal data regulator in Ireland imposed a fine of 1,200 million euros on the technology giant, Meta (ex-Facebook), for invasion of the privacy of its European users, argued – on this territory – by him. General Data Protection Regulation the legal framework that regulates in Europe the processing and use of personal data circulating online.

What is the lawsuit asking for? That in the international transfer of data for these users – whose information is generated in Europe but quickly moves to the company’s US servers – privacy and personal information is no longer protected, exposing them to a lack of regulation and excessive and unaudited use.

And it is that in Europe, they have rights and protection , but outside this territory, which to date is the one with the most advanced set of laws in this area, your data is subject to the possibility for intelligence agencies in the United States to request it and to use them. And there, as specialists explain, Meta has no way to refuse. Contrary to what happens in Europe, where the request for personal data is made before the courts and must be justified.

That’s how he explains it Corporate Data Protection Lawyer, Trinidad Laborde , which analyzes that what this situation reveals is above all an abyssal difference in the way we conceive and culturally approach our personal data; While in Europe there is a notion that the data belongs to them and should be protected, in the United States (and therefore in many Latin American countries that have followed this model) this notion is not yet fully articulated.

“The issue of surveillance, security, camera surveillance, powerful authorities, and trust in security agencies and institutions is deeply rooted in American culture. The question then is what else people are willing to sacrifice for something else. Am I willing to sacrifice my privacy for security and to what extent? In the United States, on a general level, there is a tendency for this to happen. But the majority of Europeans are not going to give up their information for a 5% discount at the supermarket, because they understand how valuable this information is and see it as something inherently personal. . There is also the matter of covering some basic needs, so you can make that decision. But in general, it’s about another vision of the world, another paradigm, and another way of approaching one’s private life,” he explains.

For this reason, Laborde is developing, to solve the problem that is at the root – which moreover already has standard contractual clauses, which were established in 2020 precisely to make the international transfer of data more transparent – which should be limited. power of the North American security agencies, which are the ones that to this day continue to access our personal data despite the clauses and the rights of users.

And that is precisely what this new sanction, the highest in the history of data protection regulation, which came into force in 2018, makes visible. “Today, the possibilities that are being considered to regulate this simply consist of to move the servers, so that the information of Europe is maintained there, something which we do not know if it will be possible to put in place, and on the other hand, to work on the Data Privacy Framework, a regulation to regulate the transfer between Europe and the United States”, he testifies. Just before the bill was approved in Chile, Laborde spoke about the local situation and the importance of changing, even gradually, the way we interact and perceive our personal data.

For now, we have these two great paradigms; European and American. How to deal with it in Chile?

At the time, in 2017, our data protection bill was presented to Congress as one of the most forward-thinking and pioneering, because we were the first to speak about it in the region. It was a project inspired by the European legal framework, but it took so long that at half-time Argentina approved a new regulation and we were left behind. Today the project is in the third constitutional procedure and everyone hopes that it will be approved this year, especially since it is an issue that has been relevant for this government.

Today, most businesses keep their information in a Google Drive, which is shared freely via email and everyone has access to. All customer data is there, it is unencrypted and often passwordless. In fact, in Chile most of the computers do not have a password and sometimes they are also transferred from the workplace to the home. Therefore, this law would take us from 0 to 100.

What I always try to convey is that beyond respecting the rule to the letter, it is important to leave room for a change of direction, a cultural change, in the way we understand and process our data. Data is a valuable asset, it is power and it belongs to us. We have seen it with Cambridge Analytica. We see it daily with Facebook; most of this company’s revenue comes from advertising, for which advertisement . Data is money and therefore needs to be protected. And we still don’t understand that.

In Chile, the protection of personal data has constitutional rank, in article 19 number 4, but we do not appreciate it. We pass the rut and we don’t think about the consequences, and we don’t think it’s not just about passing the name or the rut, but everything associated with that; what I like, my age, the movements I do. All of this shapes us and later serves to make us consume or influence our decisions. For this reason, what the law seeks, what it aims at, is to give back to the person the power and the domain of his data; If I want to deliver it because I like the promotional shoes I’m looking for to appear in my email, that’s fine, but the important thing is that we know the value of that information and have the ability to regulate. That we can decide. And the minute I no longer want my data to be there, we can ask to delete it, and easily.

Our current law provides for the rights of access, rectification, cancellation and opposition to processing, the problem is that we do not have a data protection authority and if we want to make these rights effective, we must go to court, which no one will do. The difference, therefore, is that with the new law, a data protection agency is created, before which we can exercise our rights and if they are not respected, there are high fines – up to 20,000 UTM – for companies that do not deliver respond. And this same agency has the duty and the obligation to transmit information in this regard, to train, to inform the public and to make plans so that we all become aware of it.

What do we deliver when we deliver our data? And why is it important that we protect them?

There is the most obvious and risky thing about being the victim of a cyberattack or a fishing, which moreover affects more vulnerable populations. In this sense, that we receive an email and we do Click on, or the classic phone call, or even connect to a Wi-Fi network in a cafe and create space for a cybercriminal to enter our computer. It all has to do with keeping the data vulnerable and accessible.

And then there is the most sophisticated, which is the ability to influence and influence our decisions. What we see is that with our data we can take a picture and, through advertising, videos, images, articles that are offered to us, manage to shape our habits, our behaviors and finally influence our opinion, even to the extreme. And we have seen that. This is when data really is power.

Yesterday, for example, the bank called me and said ‘we want to offer you cancer insurance, when was the last time you had a medical examination?’ Why report this to the bank? By providing this data, we can be profiled and it serves to guide us in our decisions about consumption, voting, everything.

Why is it important to talk about it? Especially now with the conversations popping up around artificial intelligence, its uses, and potential risks.

Especially because of the amount of life we ​​do every day online. We don’t even realize it, but we sit in front of the computer to work, we send emails, we communicate by Whatsapp, we use the Smart TV, we are all connected all the time and there are a whole personality of what we’re on the internet, so we have to deal with that.

Now people have the doorbell camera at home, the small machine that feeds the cat, the smart vacuum cleaner, a lot of home appliances that collect the data of our daily life. All these activities that take place in a virtual sphere, we must begin to value them; This personality that we have on the Internet must be protected.

And just as we clean the house, or make the bed before leaving, and brush our teeth, it is important to have order and virtual cleanliness. We cannot have so many documents on our computer without backup. We can’t have all of our data hanging there, accessible. We need to realize, through greater socialization of these issues, of activism and of what the new law proposes, that with all the life that we do online, there is an enormous amount of personal information circulating, information which should only be ours. . Being so exposed brings us risks.