The approval of the first international instrument on automatic processing of personal data is commemorated on January 28. Its full name is the Council of Europe Convention for the Protection of Individuals with regard yo the automatic Processing of Personal Data (Convention 108), its Additional Protocol was signed in 2001. The Mexican State is part of the Convention 108 since 2018[1].
However, that same year the Council of Europe considered it necessary to modernize that instrument, in order to meet the challenges arising from the use of new information and communication technologies; opened it for signature in October 2018: it has 36 state signatures and only ratifications, the Mexican State is not part of this update.
It is appropriate to remember that the processing of personal data, especially in the current context of full automation, implies the provision of natural person privacy and this makes it essential to adopt regulations or measures. That may prevent technology from being a vehicle to attack a pillar of contemporary democracies: human rights.
The development of Artificial Intelligence demonstrates that its practice and knowledge has been systematized to such an extent that it speeds up and simplifies everyday tasksThere is precisely where personal data protection is key because some elements or circumstances in which data subjects rights may be weak or abused, given these developments, since data is the central source of artificial intelligence[2]. For example, virtual voice assistants are in transition to voice identification associated with the identity of the person, through the design of specialized software.
The right to personal data protection foresees the need to adopt measures that allow the development of new technologies to be guided from the design. Thus, the principle of responsibility recognized in the Federal Law on Protection of Personal Data Held by Private Parties[3] implies that in the planning of a technological product or service that involves the processing of personal data, the risks for the protection of such data should be foreseen, and that goes in accordance with the regulations. In this sense, physical, technical and administrative measures must be established, so it allows effectively the application of the principles, duties and obligations established in Law to the product from the design. Privacy by design allows reducing the risk of penalties, and raise customer confidence, in addition to complying with the Law. Production costs are also reduced by providing the possibility of detecting problems early.
SINCERELY,
Adolfo Athie
aathie@basham.com.mx
Renata Bueron
rbueron@basham.com.mx
Erika Rodriguez
erodriguez@basham.com.mx
Mexico City, January 28, 2020.
[1] https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/223/signatures
[2] Definition: https://ec.europa.eu/futurium/en/ai-alliance-consultation.
[3] Articles 14 and 19 Law, and 40, V, from its Regulations.
