Skip to main content
Back to content
Get alerts

Help keep the internet open and secure

Subscribe to our action alerts and weekly newsletter

"*" indicates required fields

This field is hidden when viewing the form
This field is hidden when viewing the form
Name
This field is for validation purposes and should be left unchanged.

Your info is secure with us.

  • Follow Us
  • Like us
  • Follow us
  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • LinkedIn
Access Now
  • News & Updates
    • Get the latest

      news
      Expert insights

      Get the latest analysis, issue explainers, and community updates

      Press releases

      Our announcements, open letters, and statements

      Access Now in the news
      In the news

      Find us engaging media outlets around the world

      publications
      Publications

      Read our expert reports and recommendations

      Events
      Events

      Join us in our community events on and offline

  • Take action
    • Featured campaigns

      #KeepItOn

      Fighting internet shutdowns around the world

      Election Watch

      Keeping watch around key elections around the world

      The #WhyID global campaign
      #WhyID

      Putting people first in digital ID systems

      More campaigns

      #MigrarSinVigilancia

      #FreeAlaa

      Transparency Reporting Index

      #ProtectNotSurveil

      More

      RightsCon: our digital rights summit

      Rightscon logo 2024
  • Our work
    • Featured

      Surveillance
      Surveillance

      Fighting the spread and abuse of dangerous spying tools

      Content governance
      Content governance

      Rights-based approaches to online content

      Data Protection
      Data protection

      Protecting people’s personal information online

      Internet shutdowns

      Fighting to #KeepItOn around the world

      More issues

      • Artificial intelligence
      • Cybersecurity
      • Digital identity systems
      • Digital security
      • Freedom of expression
      • Privacy
      • Protest and online organizing
      • Transparency
  • Get help
    • Get immediate help

      help
      Digital Security Helpline

      We provide 24/7 technical support for activists, journalists, and human rights defenders around the world.

      Recent guides

      Digital safety guide for LGBTQ+ activists in Africa

      Internet shutdowns and elections handbook

      Digital safety tips if you are disconnected

      All Guides

      Access Now Grants

      Grants
  • About us
    • Get to know us

      Our mission

      Defending and extending digital rights of people and communities at risk around the world

      Partnerships

      We bring together key stakeholders to catalyze engagement

      Our team

      Meet the experts leading our work around the world

      Access Now in the news
      Our board

      We value the diverse perspectives and guidance from our distinguished board

      Quick links

      Defend and extend digital rights around the world

      Support us

      Funding & financials

      Careers

      Legal

Home / Posts / Chile’s “Spy Decree” threatens to make data retention even more dangerous

Chile’s “Spy Decree” threatens to make data retention even more dangerous

PUBLISHED: 3 October 2017LAST UPDATED: 13 January 2023

In Chile, a new decree seeks to expand laws that force internet service providers to keep personal data. It would extend the period that the information must be retained and add new categories of data to store. Forced data retention has become popular in some Latin American countries, and this new decree raises a red flag for privacy in the region.

The “Spy Decree”

In August 2017, the Ministry of Internal Affairs and Public Security (the Ministry) issued Decree 866 which seeks to modify Article 222 from the Code of Criminal Procedure. The article states that all ISPs must retain IP address information showing the websites you visit — including the date, time, and duration of the visit — for one year, and must keep these records available for the judiciary. The objective of mandatory data retention is to preserve information that could be useful for future criminal investigations. The problem is that it creates a massive, disproportionate surveillance mechanism for the web browsing activity of millions of people, not because they are under suspicion for any crime, but “just in case.”

The new decree would go even further. First, it would force providers to retain more types of data: your financial data related to telecommunications services; your name; your telephone number; your IP addresses; the date, hour, and duration of your communications (of all sorts); your device information; and your geographic location history. Moreover, all of the information would be stored not for one year, but two.

This decree is extremely dangerous for user privacy, since it expands data retention to encompass all of your communications activity in Chile. It is a system for mass surveillance, designed in a way that is clearly both disproportionate and unnecessary, without further explanation.

In addition to all of this, according to the digital rights group Derechos Digitales, the decree also lacks the due formalities. According to Chilean national legislation, the suitable mechanism for modifying a national code should be a law, not a decree. This means that the decree may be unconstitutional. In any case, it bypasses consideration in Chile’s Congress and the open and democratic discussion that the issue deserves.

How mandatory blanket data retention threatens human rights and digital security

Even though the data stored under the bill’s authority does not include the content of your private communications, studies show that analyzing contextual information about communications — also called “metadata” — can reveal sensitive information about you.

For this reason, the European Court of Justice ruled in 2014 that the European Directive on Data Retention was not valid since it did not meet the human rights standards of necessity and proportionality. Similarly, the Inter-American Court of Human Rights declared that storing communications metadata is illegal.

Collecting massive amounts of users’ personal information, whether by the government, mobile operators, or third-parties, also poses a cybersecurity risk. Such databases are an attractive target for criminals. That’s why collection of personal data, when it is justified, should be reduced to the minimum necessary — instead of encouraged — so that if data breaches happen, the damage is minimized.

Finally, as digital rights activist Paz Peña explains in her post series about metadata, there is no proof that data retention has a significant effect in criminal investigations versus traditional targeted surveillance. This shows that the benefits of mass data retention are not clear, while the risks for users’ privacy and digital security are real.

Latin America is on a regressive path 

Sadly, Chile is not the only Latin American country with a blanket data retention mandate.

Former Peruvian president Ollanta Humala established mandatory blanket data retention in 2015. Legislative decree 1182 gives the national police direct access to the location of electronic devices in real time, and requires ISPs to store users’ metadata for three years.

Similar mandates, with some differences in procedure and duration, are also in effect in Mexico, Colombia, and Brazil.

Finally, there have been proposals to implement data retention mandates in other countries, like Paraguay. In November 2014, the government proposed a data retention bill, which was renamed as “Pyrawebs Bill” by the local community. Although the bill didn’t pass, local organization TEDIC still worries about its return since there is no comprehensive data protection legislation in place yet in Paraguay.

What now?

As it stands now, the Comptroller General Office of the Republic of Chile (CGR) is still evaluating decree 866. Local digital rights advocates Derechos Digitales, Instituto Chileno de Derecho y Tecnologías, and Fundación Datos Protegidos delivered documents that explain the human rights issues at stake in the decree.

Help us keep an eye on them

Follow the conversation online with the hashtag #decretoespia on Twitter, and join digital rights groups in calling on the Comptroller General of the Republic to reject this dangerous decree. We will keep you posted.

 

Javier Pallero
@javierpallero
Veronica Arroyo
@veroluiza
  • Data Protection
  • Digital Security
  • Privacy
  • Brazil
  • Chile
  • Colombia
  • Global
  • Latin America & the Caribbean
  • México
  • Perú
  • Data privacy
  • Metadata
  • Pyrawebs
  • Contact
  • Careers
  • How we use your data
  • Media usage
  • Code of Conduct
  • Site Terms of Use

Crafted by Cornershop Creative

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • LinkedIn

Help keep the internet open and secure.

Subscribe to our action alerts and weekly newsletter

"*" indicates required fields

This field is hidden when viewing the form
This field is hidden when viewing the form
Name
This field is for validation purposes and should be left unchanged.

Your info is secure with us

  • X
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • TikTok