On June 7, 2011, the Congress of the Republic of Peru passed the Personal Data Protection Law (Ley de Protección de Datos Personales, Proyecto de Ley 4079/2009-PE).  If signed into law, the bill would make Peru the newest member of the group of Latin American countries with EU-style omnibus privacy legislation.  The broad-ranging legislation would do the following, among other things:

  • Establish fundamental principles governing the processing of data: legality, consent, proportionality, integrity, security, enforcement and (for cross-border transfers) adequate level of protection
  • Require consent for the processing of personal data
  • Restrict the monitoring of communications
  • Restrict the cross-border transfer of personal data
  • Give data subjects the rights of rights of access, correction, inclusion, correction, deletion, objection and opposition, as well as the right to objective processing
  • Establish the National Personal Data Protection Authority within the Ministry of Justice and give it the power to impose sanctions for noncompliance with the law

View a copy of the Personal Data Protection Law (in Spanish) as passed on June 7, 2011.  The underlined text indicates the modifications to the initial June 2010 draft that were proposed by the Congressional Commission of Justice and Human Rights earlier this year.  The BNA Privacy Law Watch reports that Peruvian President Alan García is expected to sign the law before his term ends on July 28, 2011.