The Ibero-American Data Protection Network approves the updated Data Protection Standards for Ibero-American States

The Catalan Data Protection Authority participated in the 23rd Meeting of the Ibero-American Data Protection Network (RIPD), held in Cartagena de Indias, Colombia, from 26 to 28 May. This year's meeting addressed a range of topics, including the protection of children, the processing of personal data on foreign platforms, the relationship between personal data protection and innovation, and digital violence.

Within this framework, the update of the Data Protection Standards for Ibero-American States was approved. These standards constitute a set of guiding principles for developing regulatory initiatives on personal data protection in the region and are intended to serve as a benchmark for the modernization and updating of existing legislation.

The first version of the text was approved and presented during the 15th Ibero-American Data Protection Meeting, thereby fulfilling a long-standing objective shared by all member entities, as well as one of the agreements adopted at the 25th Ibero-American Summit of Heads of State and Government, held in October 2016 in Colombia.

Adapting to a Changing Context

The update responds to newly identified needs to strengthen the protection of rights in a context of constant innovation. In this regard, it acknowledges the lack of harmonization among Ibero-American States concerning the recognition, adoption, definition and development of the figures, principles, rights and procedures that give substance to the right to personal data protection within their national legislation. This situation currently makes it more difficult to address the new challenges arising from technological evolution and globalization across different sectors.

The objectives of the Ibero-American Standards include establishing a common set of principles and rights for personal data protection in order to achieve homogeneous rules throughout the region. They also seek to promote international cooperation among the supervisory authorities of Ibero-American States, as well as with supervisory authorities outside the region and with international authorities and organizations working in this field. Likewise, they aim to establish common foundations regarding international data transfers, facilitating the flow of personal data among Ibero-American States.

Declaration on Neurorights

In addition, during the meeting, the declaration entitled “Regulatory Challenges for the Protection of Neurorights and the Processing of Personal Data Using Neurotechnologies in Non-Healthcare Settings” was also approved. The declaration was drafted within the framework of the RIPD Working Group on Neurorights, in which the APDCAT participates.

The document states that there is currently a progressive advancement of techniques that enable the direct recording of the static and dynamic characteristics of the human brain and nervous system through automated technologies. These systems facilitate the digital processing of such information in order to infer data relating to human thought, even making it possible to modify both thought and behavior through direct interaction with an individual's neurological structure.

Beyond the healthcare sector, the text also warns of the growing incorporation into the market of consumer products and services based on these techniques in areas such as education, the workplace, entertainment and advertising, among others, as well as the increasing accessibility of these tools to non-specialized users.

In this context, the document aims to provide guidance for the development of legislative and other related regulatory instruments, such as recommendations, guidelines, manuals, resolutions or circulars, whenever neurotechnologies are used in the context of personal data processing. It therefore analyzes the related challenges and sets out commitments aimed at establishing a common framework of reference.