Have you ever wondered why certain businesses “give away discounts” for loyalty cards[1]? Or why they offer information, webinars, goods or services in exchange for filling in a form? In most cases they are not giving anything away, they are charging you for your data. Once the information is processed, it is analysed for exploitation. This data processing must comply with the principles of quality, lawfulness, fairness, security and purpose in accordance with the constitutional right to privacy and personal honour.
Among the most common data that we provide, consciously or mostly unconsciously, is our name, email address, IP location, banking information, purchase and tax records, medical data, educational information, political leanings, religious beliefs, digital files, consumer interests, preferences, among others. Once obtained, these data can be used by third parties for economic and advertising purposes.
We find ourselves in a scenario where the digitalisation of processes, teleworking, the use of websites, social networks and e-commerce have increased exponentially over the years and more recently as a result of the social distancing brought about by the Covid-19 health crisis. The urgent need to implement platforms and systems for teleworking meant that security measures were made more flexible, both from state bodies and private companies, in order to continue working from home, making data more accessible, since in all the aforementioned processes, traces and personal data are shared.
It makes good sense to exploit data, especially in a context of global economic crisis, where it is essential for companies to maximise profits and minimise costs. So the exploitation of data analytics has become a strategic trend for commercial decision making and advertising audience targeting. It is no coincidence that, among the most valuable brands worldwide, Google, Apple, Amazon, Netflix and Facebook, to name but a few, manage, process and exploit data.
However, these processes have led to a state of vulnerability in relation to sensitive or confidential information. The misuse of data can jeopardise the security, finances, privacy, reputation, among other rights of individuals and companies. In addition to the fact that the way to settle this type of conflict is through the courts in accordance with Dominican regulations, and that this in turn implies formalities, costs, lack of specialisation and, in particular, a long period of time to obtain a decision in the cases (which does not correspond to the speed with which data protection offences are committed). We refer to the fact that, in order to achieve the updating, opposition to the processing, rectification or destruction of data, it is necessary to access the Dominican courts without having an administrative or legal process for such purposes.
From this arises the need for states to adapt to protect citizens with appropriate data protection regulations and the corresponding monitoring by a specialised public administration. Innovation cannot be an excuse for violating the right to privacy. We already have many examples of countries that have implemented a data protection regulation that allows protection from the analogue and digital sphere; and establishing a body with the technical capacity to handle and settle related cases.
In the specific case of the Dominican Republic, data protection is set out in the Constitution of the Republic, and specifically in Law No. 172-13, which aims at the comprehensive protection of personal data recorded in files, public records, data banks or other technical means of data processing intended to provide information, whether public or private. However, its focus is only on the regulation of financial intermediation and credit institutions, recognising the Superintendency of Banks with broad powers to supervise data protection in these markets. Consequently, it is not sufficient, because the appropriate parameters for the processing, use, collection, storage, transfer and disposal of data that do not belong to the financial sector are not covered.
From the state’s point of view, there is a need to regulate a business that promises to be highly lucrative. If it is not adequately regulated, it can lend itself to violations of constitutional rights of privacy, intimacy, personal honour and, in the case of large companies, abuses of dominant position. It impacts so many interests (individual and collective) that it cannot be disregarded. Therefore, it is up to Dominican legislators to provide the corresponding regulatory framework and for citizens to review it in a timely manner so that our rights are properly protected.
By: Aidaluz Pimentel Báez
Associate of the Intellectual Property and New Technologies Division
[1] Loyalty card: a benefit, discount or points card. They serve as a means of rewarding, rewarding or offering discounts to the cardholder when he/she consumes certain products or volume.
Reference taken from: Angel Herrero, Ignacio Rodriguez and Andrea Perez Ruiz.“Tarjetas de fidelización en comercio Minorista“, University of Cantabria, 2009. Available at: https://www.mercasa.es/media/publicaciones/41/pag_050-063_tarjetas.pdf on date: 12/12/2020.