W7y8w3

of private companies. Examples of this are many.Large amounts of personal data leaked from publicservices 7 or mishandled by banks and other privatecompanies 8 could be subject to commercial trafficamong private companies, and these practices havenot been subject to legal penalties.In 2009, a lawyer publicly accused her medicalinsurance company of handing over her medicalinformation, including her medical history and diagnosis,to a chain of pharmacies. She discoveredthe following when purchasing medication in one oftheir stores: the pharmacy not only had her nameand profile, but also knew her medical condition,supposedly protected not only by data protectionlaws, but by laws guaranteeing medical privacy. Thesystem allowed the pharmacist to suggest medicalproducts for this person. However, while the administrativeauthority fined two insurance companies,these companies claimed that exchanging this informationwas not only legal but also widespread,customary, and even necessary. 9 In April 2013, yearsafter this scandal, a different insurance companyproudly announced a new agreement with similargoals with a different pharmaceutical chain. 10 The13 International Principles on the Application of HumanRights to Communications Surveillance 11 havebeen drafted and signed by hundreds of institutionsand individuals from all corners of the world, demandingstate action under strict rules of necessity,proportionality, transparency, accountability, legalityand more. But it is hard to assess the damagethat can be caused when, in fact, there are privatecompanies with more information at their disposalthan even the state has or could have, for the merefact that commerce is an interest whose strength farsurpasses the interests of national security.7 Cooperativa.cl. (2014, March 27). Investigan copia irregularde la base de datos del Registro Civil. Cooperativa.cl. www.cooperativa.cl/noticias/pais/servicios-publicos/registro-civil/investigan-copia-irregular-de-la-base-de-datos-del-registrocivil/2014-03-27/093754.html8 Álvarez, C. (2012, July 3). Banco de Chile reconoce error: enviódatos personales a otros clientes por correo electrónico.Biobiochile.cl. www.biobiochile.cl/2012/07/03/banco-de-chilereconoce-error-en-envio-de-datos-personales-a-traves-de-correoelectronico.shtml9 Jara Roman, S. (2009, May 26).Isapres hacen susdescargos en polémica por intercambio de informacióncon farmacias. Terra. economia.terra.cl/noticias/noticia.aspx?idNoticia=200905261057_INV_7809885410 Diario Financiero. (2013, March 27). Isapre Cruz Blanca sellaalianza con Farmacias Ahumada. Diario Financiero.11 https://en.necessaryandproportionate.org/textConclusionsOver the last several months, a great deal of publicattention has been focused on the capacities ofstates to gather and process personal informationand to conduct communications surveillance, whichsome have justified in the aftermath of terrorist attacksthat have replaced Cold War fears in the publicconscience. Such overreach of intelligence services,however, does not seem as easily justified by stateswhich do not face the threat of war, or have morepeaceful international relations. But in either case,personal information is still an important resourcefor different objectives.Chile has a personal data law which from the beginningseemed to be tailor-made for big companies,and which calls into question the ability of Chile’s legislatorsto address the problems that the informationage raises for the protection of fundamental rightsand freedoms. In practice, this means that personaldata in Chile is not as much under the control of thestate as it is in “no man’s land”, due to a weak set ofrights and paltry enforcement mechanisms. This situationforces those who are affected to go to court togain any effective penalties for abuses. These abuses,because they happen under the opaque practicesof private companies, are beyond public scrutiny.Several reforms to the law are currently beingdiscussed, while some others have resulted in minoradjustments. So far, no reform bill includes thecreation of an agency for the protection of personaldata, which would give citizens effective tools toprotect themselves from the constant abuses thatexist today; nor does any bill address the free-for-allin personal information databases that is currentlypart of the system. Numerous groups with corporateinterests seek to maintain the status quo, on thegrounds that they are defending the free flow of information,and are against all obstacles that a moreeffective system would create for entrepreneurship.How do principles of state surveillance applywhen it is not the action of the state that endangersor threatens the interests of privacy? Unfortunately,they do not impact directly as well as they do indirectly,by reaffirming the need for privacy safeguardsin any environment where the right to privacy is endangered(or any other fundamental right, for thatmatter). Because companies are, in this area, evenmore powerful than the state in their ability to affector impact on the population, actions aimed at thestate, while always convenient to ensure fundamentalrights and freedoms, seem less urgent than todemand a constitutional and legal framework thatensures such freedoms are also not subject to thewhims of private companies.Action stepsThe protection of fundamental rights and freedomsin this day and age demands action not only toconfront powerful states, but also to confront increasinglycomplex and powerful private entities.This requires strong action from civil society to, inthe first place, educate and empower people in therights that they hold, in order to enforce them andmake others respect them.Secondly, and addressing both private andstate power, campaigns should push for the implementationof changes to the law that recognise andenforce stronger privacy rights in different areas– not only to enact the principles that should framestate action for security purposes, but also to createrules that prevent abuse by private agents.Thirdly, constant effort is needed to ensure thatany legal provisions are fully compliant with internationalhuman rights standards and the constitutionalframework of Chile. This means, monitor back: demandinformation from public entities through transparencymechanisms, and demand active public oversight ofthe action of private agents regarding personal informationand private communications. Such strongaction will allow citizens to keep in check the threats toprivacy that are wrongly touted as legal or necessary.104 / Global Information Society Watch chile / 105