‘The Ecuadorian Personal Data Protection Bill is very much in line with the GDPR’

Early April, the Personal Data Protection Bill was approved by the National Assembly of Ecuador's Commission on Sovereignty and International Relations. It will be debated for a second time in a plenary session. Several modifications have been made and we discuss the principal ones with Pablo Solines, partner at Ecuadorian law firm Solines & Asociados.

Posted Friday, April 30th 2021
‘The Ecuadorian Personal Data Protection Bill is very much in line with the GDPR’

Leaders League. What were the main changes made to the Personal Data Protection Bill?

Pablo Solines. The Ecuadorian Personal Data Protection Bill has gone through a socialization process that has lasted more than three years. During this process, many social sectors linked to data protection have participated and presented their observations.

The bill has incorporated many of these observations, resulting in a document that takes into account the main aspects of data protection according to international standards.

The bill recognizes an independent data protection authority, which is a prerequisitefor the system to work. In addition, it recognizes several rights of data holders, such as: access, rectification, cancellation, opposition and portability, in line with international standards. For the private sector, the sanctioning system is related to a company’s level of sales ; therefore, the penalty will be higher if sales are higher.

As an expert in the field would you say that it is a good bill? 

I think it is a good bill, although some aspectscan still be improved on. It could be more precise in some concepts and definitions, such as the law on material application and the sanctioning system both for the private and public sectors, among other aspects.

The bill is very much in line with the GDPR, which is a highly sophisticated regulation.

Have you identified any important issues that are missing from the bill?

I think that the project should tighten up the definition of regulations covering personal data treatments coming from public accessible sources; likewise, it could contain clearer regulations regarding sensitive data and special categories of data; it should enhance regulation in the sanctioning system, among other aspects.

What will be the main impact for your clients and all the companies that have to comply with this bill?

Companies must implement various internal processes and technical, organizational and security measures, to comply with the law. I think this is positive because companies will begin to have adequate data protection policies; this will generate more confidence among consumers and foreign partners, which will lead to more and better business and transactions. With peace of mind that this bill provides there will be more data transfers, which will also be more accurate.