Our partner, Rodrigo Albagli, and director of the Compliance Group, Yoab Bitran, talked to LexLatin and shared their vision of the upcoming challenges for legal departments and the main developments in the region.
With the aim of creating a starting point for analyzing the implementation of data protection policies in the region, the Compliance Latam platform published the Comparative Guide on Personal Data Protection.
The document, which brings together the main standards, legislative advances and regulatory challenges of multiple Latin American jurisdictions, demonstrates that privacy, compliance and competitiveness are not separate spheres, but complement each other as pillars of sustainable and responsible business management.
According to the report, the challenge for companies operating in Latin America is transversal: to translate regulatory compliance into business value and make it part of the organizational DNA.
“The guide was born as a response to the needs of legal and compliance teams, and was created by leading firms in the region that are part of the Compliance Latam network. The initial trigger was to identify regulatory developments in data protection and then provide a comprehensive look at each of the jurisdictions. We did this with the same spirit that brings the network together: to create value for our clients through the active collaboration of all members,” shares Rodrigo Albagli, partner of the Chilean law firm Albagli Zaliasnik.
Uneven standards, weakened enforcement and a common denominator: bringing privacy to the heart of organizational culture
Despite the institutional differences among the countries studied, there is one common denominator on which they all agree: the protection of privacy as a fundamental right.
“All jurisdictions recognize that personal data should be treated in accordance with key principles such as legality, transparency, data minimization and confidentiality. They also recognize the importance of the rights of data subjects, such as access, rectification, cancellation and opposition (ARCO). These principles seek to ensure that data processing is always adequate, relevant and proportional to the purpose for which it was collected and that individuals have control over their own data,” says Marlyn Narkis, a partner at Panamanian law firm MDU Legal.
Now, arguably, the main gap is not in the design of the laws, but in their implementation.
Yoab Bitran, head of Albagli Zaliasnik’s compliance group, warns that the region suffers from a structural problem: lack of enforcement.
“While several countries have new regulations in line with better global standards, we have very few cases and very few sanctions. What generates change is enforcement rather than enactment; without enforcement, there is no real change,” the expert remarks.
In this regard, he stresses that the institutional framework is an asset that differentiates countries such as Chile, Uruguay or Costa Rica, which show greater legal predictability.
“As a general rule, compliance can only advance when there is rule of law, institutionality and freedom. Therefore, there is an unspoken correlation: those countries that have greater difficulties in these matters are the ones that are more backward in terms of compliance,” he explains.
In the specific case of Chile, the lawyer recognizes that the regulatory progress is a model for the whole region, but that the trans-Andean country does not escape the reality of other countries in terms of its application.
“The authorities in charge of overseeing and prosecuting infractions or crimes have requested greater resources, both human and economic, to be able to carry out their work. In terms of institutionality and business environment, Chile continues to maintain a certain level of regional leadership and continues to lead in most rankings,” says Bitran.
Compliance beyond borders
According to Marcelo Coimbra, founding partner of the Brazilian law firm FCR Law, the Comparative Guide on Personal Data Protection enables companies to anticipate risks, make informed decisions and adapt compliance policies to multiple jurisdictions.
“For companies with transnational operations, having this benchmark facilitates not only expansion, but also proactive compliance management in a challenging and diverse legal environment. Regional expansion is only viable if there is proactive compliance management, and that is the basis for the legal certainty that global investors and businesses demand,” he says.
Leon Weinstok, director of the Costa Rican law firm BLP, adds that “the challenge is to achieve an efficient data protection model that respects the rights of individuals, that dialogues with international standards and that is applicable to the operational reality of each country”.
Organizational culture, the great ally
The members of the Compliance Latam network agree that the real challenge is not legal, but cultural. So what is the role of law firms when it comes to accompanying the implementation of compliance programs?
Esteban Davila, senior associate at Ecuadorian law firm Bustamante Fabara, argues that the role of law firms should be strategic, not just regulatory.
“Our function is to translate data protection into reputation, competitiveness and trust. Therefore, we must focus on translating standards into business value, drive leadership from top management, design a pragmatic data governance program and promote a data culture,” he believes.
From his experience, Davila believes that law firms should explain how personal data protection not only mitigates legal risks, but also strengthens market reputation and trust, generates sustainable competitive advantages and aligns data management with business objectives.
“Law firms must raise awareness and train the C-level, positioning privacy as a strategic issue. This implies, for example, participating in corporate governance committees, presenting legal impact analyses aligned with business KPIs and showing regulatory precedents that evidence the direct responsibility of senior executives,” he recommends.
Salvador Bartolomé, partner of the Spanish law firm Bartolomé & Briones, agrees that law firms have a key role as facilitators and promoters of a culture of regulatory compliance and data protection within organizations.
For the expert, the role of law firms involves bridging the gap between the real and the legal: “The work of law firms should not only be limited to legal advice, but should also take into account practical, organizational and strategic aspects specific to each organization, necessary to ensure compliance with current regulations, facilitating the practical application of compliance and data protection policies”.
Why is personal data no longer an invisible asset?
In the digital economy, personal data is more than data, it is reputational capital, regulatory risk and competitive advantage.
“Top management engagement is not optional, but it remains one of the weakest points of the business ecosystem in Latin America. Raising awareness, training and convincing executive leadership is part of the task of legal and compliance teams,” reinforces Yoab Bitran.
It is clear: if privacy does not enter the strategic agenda, it will hardly consolidate as a corporate value.
