Costa Rica Adopts Data Protection Legislation
On 5 September 2011, Costa Rica adopted a new data protection law, the “Law on the Protection of Individuals Against the Processing of Personal Data”. The Law aims to protect the fundamental right to information self-determination of any person, regardless of nationality, residence or domicile. Costa Rica is now the seventh country in Central and Latin America with such data protection laws (in addition to Uruguay, Mexico, Colombia, Peru, Chile and Argentina).
The Law applies both to automatic and manual processing in the private and public sectors. It incorporates the “Habeas Data”, i.e., the constitutional right of individuals to request access to any personal data held about them in a database and ask it to be corrected or deleted, into a stronger, EU-style privacy regime.
The Law also creates a new data protection authority within the Ministry of Justice of Costa Rica, named the “Citizen’s Data Protection Agency”, or “Prodhab”, which is tasked with enforcing the Law.