DLA Piper Intelligence

Data Protection
Laws of the World

Law

Venezuela
Venezuela

Venezuela does not have any general legislation regulating data protection. However, there are general principles established in the Constitution of the Bolivarian Republic of Venezuela (the 'Constitution') and developed by Supreme Court decisions.

The Constitution establishes certain principles which serve as framework for the protection of personal data, because their purpose is to safeguard the honour, private life, intimacy, self-image, confidentiality and reputation of people. The Constitution also establishes the right of access to information and data.

Article 28 of the Constitution guarantees everyone access to the information and data on themselves, stored in public or private registries, and the right to be aware of the uses of such information, as well as the right to update, rectify or destroy incorrect information that unlawfully affects their rights.

The Constitutional Chamber of the Supreme Court of Justice has acknowledged the possibility that a person or entity may collect and maintain information on individuals and their goods/purchases, arranged in such way that a profile of individuals, their activities, or their goods can be made, with the purpose of using them for the benefit of the collecting entity or of third parties, provided that all constitutional rights are respected, and in particular the ones established in Article 28 of the Constitution. Whoever collects and records information on individuals and their goods, must respect the right of every person to protect his honor, private life, intimacy, self-image, confidentiality and reputation, which is granted in Article 60 of the Constitution.

Also, in accordance with a binding decision of the Constitutional Chamber, any person who collects and manages personal information must guarantee the following principles:

  • Principle of free will
  • Principle of legality
  • Principle of purpose and quality
  • Principle of temporality or conservation
  • Principle of accuracy and self-determination
  • Principle of security and confidentiality
  • Principle of guardianship
  • Principle of responsibility (collectively called the 'Principles').

There are also specific provisions concerning data protection with limited scope of application, contained in the Banking Institutions Law and the Special Law against Cybercrime.

Last modified 24 Jan 2017
Law
Venezuela

Venezuela does not have any general legislation regulating data protection. However, there are general principles established in the Constitution of the Bolivarian Republic of Venezuela (the 'Constitution') and developed by Supreme Court decisions.

The Constitution establishes certain principles which serve as framework for the protection of personal data, because their purpose is to safeguard the honour, private life, intimacy, self-image, confidentiality and reputation of people. The Constitution also establishes the right of access to information and data.

Article 28 of the Constitution guarantees everyone access to the information and data on themselves, stored in public or private registries, and the right to be aware of the uses of such information, as well as the right to update, rectify or destroy incorrect information that unlawfully affects their rights.

The Constitutional Chamber of the Supreme Court of Justice has acknowledged the possibility that a person or entity may collect and maintain information on individuals and their goods/purchases, arranged in such way that a profile of individuals, their activities, or their goods can be made, with the purpose of using them for the benefit of the collecting entity or of third parties, provided that all constitutional rights are respected, and in particular the ones established in Article 28 of the Constitution. Whoever collects and records information on individuals and their goods, must respect the right of every person to protect his honor, private life, intimacy, self-image, confidentiality and reputation, which is granted in Article 60 of the Constitution.

Also, in accordance with a binding decision of the Constitutional Chamber, any person who collects and manages personal information must guarantee the following principles:

  • Principle of free will
  • Principle of legality
  • Principle of purpose and quality
  • Principle of temporality or conservation
  • Principle of accuracy and self-determination
  • Principle of security and confidentiality
  • Principle of guardianship
  • Principle of responsibility (collectively called the 'Principles').

There are also specific provisions concerning data protection with limited scope of application, contained in the Banking Institutions Law and the Special Law against Cybercrime.

Last modified 24 Jan 2017
Definitions

Definition of personal data

There is no legal definition of 'personal data' established in any particular law.

Definition of sensitive personal data

There is no legal definition of 'personal data' established in any particular law.

Last modified 24 Jan 2017
Authority

Venezuela does not have a national data protection authority. Some agencies have data protection authority within their specific jurisdiction, for instance, the Superintendence of Banks and the National Telecommunications Commission.

Last modified 24 Jan 2017
Registration

There is no legal requirement to register databases.

Last modified 24 Jan 2017
Data Protection Officers

There is no legal requirement to appoint a data protection officer.

Last modified 24 Jan 2017
Collection & Processing

Based on principles set forth by case law (specifically the principle of free will) and the Constitution, there is a requirement to obtain prior consent to collect, use, and transfer personal data submitted by a data subject. Based on the same principle, consent may be revoked at any time.

Pursuant to the Constitution, everyone must be granted access to information and data on themselves, stored in public or private registries, and every person has the right to be aware of the use of such information, as well as the right to update, rectify or destroy incorrect information that unlawfully affects their rights.

Also, in accordance with a binding decision of the Constitutional Chamber any person who collects and manages personal information must guarantee the following principles:

  • Principle of free will
  • Principle of legality
  • Principle of purpose and quality
  • Principle of temporality or conservation
  • Principle of accuracy and self-determination
  • Principle of security and confidentiality
  • Principle of guardianship
  • Principle of responsibility (collectively called the 'Principles').
Last modified 24 Jan 2017
Transfer

Transfer of data to third parties would be subject to the provisions set forth by the Constitution and by case law, including confidentiality and security obligations, and appropriate measures should be taken in order to obtain the necessary consents prior to such data being distributed.

Last modified 24 Jan 2017
Security

Under banking regulations, banking institutions in Venezuela are prohibited from disclosing personal information unless consent is obtained, in writing. Also, data controllers must take reasonable technical and organizational measures to ensure the security of personal data.

Last modified 24 Jan 2017
Breach Notification

There is no legal requirement to report data security breaches. However, according to the Banking Institutions Law and its regulations, the notification of personal data breaches may be provided by the Superintendence of Banks to affected users or their authorized representatives.

Last modified 24 Jan 2017
Enforcement

There is no data protection authority in Venezuela. Enforcement can occur through administrative procedures, criminal procedures, individual civil lawsuits and class actions, which can be initiated by the affected individual or by public authorities. Some agencies have data protection authority within their specific jurisdiction, for instance, the Superintendence of Banks and the National Telecommunications Commission.

Last modified 24 Jan 2017
Electronic Marketing

There is no law that specifically regulates electronic marketing. However, in November 2014, the National Assembly approved, in first reading, the bill on Electronic Commerce. This Law intends to establish security and data protection requirements, protections for online transactions, security of payment information, and restrictions on use of information and data collected in an e-commerce context.

Also, the Law states that any provider of goods or services shall ensure people's privacy and the confidentiality of information involved in transactions, so that information exchanged is not accessible to unauthorized third parties.

Last modified 24 Jan 2017
Online Privacy

There is no law that specifically addresses online privacy or cookies. However, the Special Law against Cybercrime establishes a penalty of imprisonment and fine if any person intentionally uses, amends, alters or discloses by any means, without the consent of the system owner, the data or personal information contained in a computer or in any other technological system.

Last modified 24 Jan 2017
Contacts
María Cecilia Rachadell
María Cecilia Rachadell
Founding Partner
T +58 (212) 2662613
Gabriella Rachadell
Gabriella Rachadell
Partner
T +58 (212) 2662613
Alessandra Chumaceiro Briceño
Alessandra Chumaceiro Briceño
Attorney
T +58 (212) 7501200
Last modified 24 Jan 2017