Regulation updates
      Back to home
      1. Knowledge base
      2. Regulation updates

      February 2023 - Israel, Argentina, Colombia, Chile, Peru, Uruguay and Ecuador

      Israel - PPL 

      On January 31st, 2011, the Official Journal of the European Union published its decision about the European Commission recognizing Israel's data protection law and practices as providing adequate protection. Following this decision, Israel was listed along with other countries, where the personal data of European citizens could flow without restrictions. 

      Protection of Privacy Law ("PPL") was founded in 2006 and is active today, and mainly dictates the rules to protect the personal information held in digital databases. In addition, it also establishes restrictions on direct mailing and provides the data subject with some rights concerning their data: 
      - Right to be informed
      - Right to access
      - Right to correct inaccurate information
      - Right to opt-out 

      You can find out more about reviewing and managing data subject requests here.

      Currently, there are no specific rulings on the placement of cookies. However, on January 5th, 2022, the Israeli government introduced an amendment to a PPL, which, when enacted, will align the law with the General Data Protection Regulation principles. The Clym Team is closely monitoring the updates.

      Argentina - PDPL 

      Another country recognized by the European Commission as providing adequate protection is Argentina. Personal Data Protection Act (Ley de Protección de los Datos Personales, also known as "PDPL") entered into force on November 2, 2000. 

      There are several provisions regulating the placement of cookies. First, as all personal information directly or indirectly identifying a natural person is considered personal data, it shall only be processed based on the consent of a person to whom data belongs. There are several exceptions, but they shall not apply to cookies unless they are placed for statistical purposes only, and it is impossible to identify a natural person. Nevertheless, notice informing data owners that their data is being collected and shall provide purposes of processing and information about the right to opt-out and how to execute it. 

      A natural person has the following rights concerning their data: 
      - Right to information 
      - Right to access 
      - Right to correct inaccurate data 
      - Right to delete personal data. 

      Colombia - Law 1581

      Law 1581 of 2012 is Colombia’s data protection law ("Law 1581"), which was enacted in 2012 and accomplished with the Regulation of the Data Protection Act of June 27, 2013, and joined Argentina, Mexico, and other countries in the region in regulating data handling practices. CDPA followed the General Data Protection Regulation's model, already proposed at that time. 

      CDPA does not directly regulate cookies' placement and tracking. However, the Superintendence of Industry and Commerce issued administrative decisions stating that cookies installed in devices of individuals located in Colombia are a means to collect personal data. Legal grounds for personal data processing are consent from a person, provided that users received a notice and clearly understood their rights, the purpose of collection, and information on how to request access and correction of their personal data. 

      CDPA provides the owner of personal data with the following rights: 
      - Right to information 
      - Right to access 
      - Right to correct inaccurate data 
      - Right to delete personal data. 

      Clym speaks many languages. Review our guidelines here to find out how to change your widget's default language. 

      Chile - CLPP

      Chile law is less comprehensive than the laws of Argentina and Colombia. 

      Law on Privacy Protection ("CLPP") published on the 28th of August 1999 regulates the processing of personal data, breaches reporting, and provides some data subject rights. It also includes a summary procedure explaining that if the responsible for the personal data processing fails to respond to a request for access, modification, elimination, or blocking of personal data, it can be overseeded in the general court. 


      It does not explicitly regulate the cookies' placement and data collection for advertisement purposes. 

      Peru - LPDP 

      The Law on Personal Data Protection of Peru ("LPDP") was published on July 3rd, 2011 and later amended by Supreme Decree No. 003-2013-JUS posted on March 22nd, 2013 and Legislative Decree No. 1353 on January 7th, 2017. Following those updates, the law has become comprehensive, and in many aspects, it is aligned with the General Data Protection Regulation. Peruvian Data Protection Authority is authorized to monitor compliance and enforce the law. 

      Data subjects are entitled to the following rights: 
      - Right to be informed 
      - Right to access 
      - Right to correct inaccurate information 
      - Right to delete personal data 
      - Right to data portability 
      - Right not to be subject to automated data processing 

      There are no specific rules around cookie placement. However, collecting personally identifying information would fall under the local data protection law and regulations. It means that at the time of data collection, data owners should be notified and informed about the use of personal information (including cookies). 

      Uruguay - PDPL (Law 18,331)

      The Eastern Republic of Uruguay is another country in South America, after Argentina, recognized by the European Commission as providing adequate personal data protection. 
      La Ley N° 18.331 de Protección de Datos Personales y Acción de Habeas Data ("PDPL") was passed in 2018. It is also worth mentioning that Uruguay was the first non-European country to ratify Convention 108, enforcing a right to privacy, among other things. 

      Data subjects are granted rights to obtain information about the data collected, request access, and rectify and delete their personal data. 

      Unidad Reguladora y de Control de Datos Personales (Unit for the Regulation and Control of Personal Data), which is invested with powers of investigation, intervention, and sanction in line with Article 28 of Directive 95/46/EC, issued guidelines on cookies' collection and profiling. It states that those who use cookies shall seek the data subject's consent and inform the user about the use of cookies and the purposes of the processing. 

      The Insights area of your dashboard helps to provide statistics and data about your website visitors, data subject requests, and consents provided. Click here to find out more. 

      Ecuador - LOPDP

      Ecuador enacted a Personal Data Protection Law ("LOPDP") not so long ago, on 26 May 2021. Generally, the law reflects principles outlined in the General Data Protection Regulation. The requirements of the privacy policy are as comprehensive as those effective in the EU, if not more, and data subjects are granted the same set of rights: 
      - Right to be informed 
      - Right to access the data 
      - Right to correct inaccurate information 
      - Right to delete personal data 
      - Right to oppose or refuse the processing 
      - Right to data portability 
      - Right not to be subject to automated decision processing 


      The law does not explicitly address cookies' placement. Nevertheless, businesses are required to inform data owners that their data is being collected (including through cookies) and allow them to reject the collection. 

      If you encounter any challenges, please reach out to us at support@clym.io.