Editorial: Data Protection in Costa Rica

By: Federico Jankilevich

Copyright 2017 – All Rights Reserved

Habeas Data and Privacy are at an all time high as companies race to compete against other companies for the best database, the most efficient real-time retrieval systems and the most up to date client information. In the midst of the chaos that key client information processing entails; small, medium and large companies need to become more aware of the due precautions that are necessary to protect themselves from careless employees and angry customers. Under such terms, there are three key stages of information processing that must be meticulously observed:

1) Registration

2) Processing

3) Deletion

There are also three basic instruments that cater to what most companies should undertake when undergoing regulatory compliance : 1) Review of Title 8968 (July 7th, 2011): Data Protection of an Individual’s Personal Information (“Section 8968: 2011”) 2) The Guidelines issued by Executive Decree No. 37554-JP (“DE-375554- JP: 2013”) as a result of the law (Reglamento a la Ley 8968) 3) The Relevant Digests drafted by The Courts pertaining the companies’ key fields of practice (Online:https://ww w.prodhab.go.cr: 2017).

In order to ensure that the registration, processing and update of data is compliant with the legal requirements of these new legislative instruments its important to register the database before PRODHAB. This institution is presently adscribed with maximum devolution to the Department of Justice and is in charge of acting as a comptroller for Data Protection and Privacy in Costa Rica. Not duly registering a database to ensure that it is compliant, may result in administrative sanctions for the companies that manage electronic client databases.

PRODHAB presently upholds strict regulatory compliance practices in terms of Data Protection and Privacy. Extensive reforms have been completed over the past couple of years since its inception to make standards more demanding and bureaucratic for companies with databases. As a result, businesses registering their databases before the regulatory body should also take into account Executive Decree No. 4008-JP (2016). Lawyers and Companies alike must now bear in mind that: 1) An independent clause must be stipulated in civil and commercial contracts for Data Privacy 2) There must be a differentiation between domestic and internal databases 3) There are now more stringent regulatory compliance controls for Economic Interest Groups.

In light of the previously stated, its possible to infer that Costa Rica is not going to become more competitive when it comes to Data Privacy, unless it makes a drastic turn in terms of bureaucratic adjustments. The Global Competitiveness WEF Final Ranking for 2016-2017 places Costa Rica as the 54th country on the planet (Online:http://www3.wefor um.org/docs/: 2017). It can be inferred that the country has improved by almost a quarter from its previous 74th ranking of less than a decade ago. Nevertheless, the country reflects a low number in terms of Macroeconomic Development for the last surveyed results (82nd). Therefore, from the above-stated its possible to conclude that the PRODHAB initiative is on one hand an asset and a contribution to private citizens, but the wrong strategic decision in the wrong moment for the growth and development of local businesses.

As a result of the latter, a healthy conclusion is to reflect upon the model implemented by the Costa Rican Government to resolve Data Protection and Privacy in terms of how it affects businesses. Is PRODHAB the most adequate solution?

Can a different solution that is better for SMBs, and larger companies be implemented more efficiently?

A survey of South-American legal models suggests the legislative incorporation of Habeas Data as a solution to Data Protection and Privacy. While Roman-Law countries such as Argentina, Chile or Uruguay have a model based upon decades of legal tradition in Habeas Data, the Costa Rican legal custom has lead the Courts to abstain from implementing such model. The legal figure per se is not coded in the Costa Rican bodies of law.


Thus, it can be inferred from the above-stated that the present legislative instruments in place could function as a temporary solution to the prevailing South American model in South American Courts. It can also be deduced that, in order for Costa Rica to become legally homologous to its Roman-Legal counterparts it should probably develop a Habeas Data instrument. In this sense, the formally recognised solution in Europe, South America and most of the Roman Legal World is Habeas Data. Therefore, in proper legal practice and in order to achieve Court-Neutrality,  a review Habeas Data and PRODHAB could prove beneficial for the long-term.

Leave a Reply

Your email address will not be published. Required fields are marked *