Personal Data Protection Law of Chile and Its Cookie Consent Requirements

The Evolution of Data Privacy in Chile

Chile was one of the early adopters of data protection laws in Latin America, with its first major data protection law, Law No. 19.628, enacted in 1999. However, as technology evolved, this law became outdated, failing to address the modern challenges of the digital age, especially with the rise of big data, artificial intelligence, and complex online marketing practices.

The new Personal Data Protection Law of 2024 updates Chile’s legal framework to address these challenges, bringing the country in line with international privacy standards. This law introduces stronger requirements for consent, transparency, and data processing accountability. Most importantly, for businesses operating online, it now imposes explicit cookie consent requirements to protect user privacy in digital interactions.

What Is Cookie Consent and Why Is It Important?

Cookies are small text files that websites place on users’ devices to store information about their preferences, browsing activities, and other relevant data. While some cookies are essential for website functionality (such as keeping users logged in or remembering items in a shopping cart), others are used for tracking and profiling, often for marketing and advertising purposes.

Under the new Chilean law, the use of non-essential cookies—those not strictly necessary for the functioning of the website—requires explicit user consent. This is a significant shift from the earlier, more permissive environment, where websites often used cookies without obtaining clear and informed user permission.

The explicit consent requirement is essential because it gives users greater control over their personal data. Informed consent ensures that users are aware of the data being collected, how it will be used, and with whom it may be shared. With growing concerns over digital privacy and online tracking, requiring consent for cookies represents a proactive step toward safeguarding user rights.

Key Provisions of the Cookie Consent Requirement

The new cookie consent provisions are closely modeled on the European GDPR, which has set the global standard for data privacy laws. The core aspects of Chile’s cookie consent requirements include:

1. Opt-in Consent

Websites must obtain explicit user consent before placing non-essential cookies on their devices. This means that users should actively agree to the use of these cookies, rather than being passively tracked. Pre-checked boxes or implied consent through continued browsing are no longer acceptable.

2. Clear and Transparent Information

Websites must provide clear and accessible information about the types of cookies being used, their purpose, and how the data collected through them will be processed. This often involves a detailed cookie policy that explains the nature of cookies, differentiating between essential and non-essential cookies. CookieFirst’s cookie policy generator can be used to provide this clear information about cookie usage on your website.

3. Granular Control

Users should be given the option to customize their cookie preferences, allowing them to accept or reject different categories of cookies. For instance, users may choose to allow cookies that enhance website functionality but reject those used for advertising or third-party tracking.

4. Easy Withdrawal of Consent

Users should be able to withdraw their consent for cookies at any time as easily as they gave it. This means websites must offer mechanisms for users to change their cookie preferences or delete cookies already placed on their devices

5. Cookie Banners

Websites must display a cookie banner when users first visit. These cookie banners must provide a clear option to accept or reject cookies, as well as a link to more detailed information about cookie use. Importantly, the option to reject cookies should be as prominent as the option to accept them, ensuring that users are not coerced into giving consent.

The Role of the Data Protection Agency

To enforce the new law and ensure compliance, the Chilean government has established the Personal Data Protection Agency. This independent body will be responsible for overseeing the application of the law, handling complaints from data subjects, and imposing penalties for violations.

The agency will have the authority to audit websites, investigate breaches, and ensure that cookie consent requirements are being met. For businesses, failing to comply with the law could result in significant penalties, ranging from written warnings to fines that could reach up to 4% of a company’s annual revenue for serious violations

Implications for Businesses

For businesses operating in Chile or offering services to Chilean users, the new cookie consent requirements necessitate a thorough review of their data practices. This is particularly relevant for companies in e-commerce, digital marketing, and online services, where cookies are commonly used for tracking and targeting users.

Here are the key steps businesses need to take to comply with the new law:

1. Conduct a Cookie Audit: Companies should start by conducting a comprehensive audit of the cookies they use on their websites. This involves identifying all cookies, categorizing them as essential or non-essential, and determining whether they require consent.
2. Update Cookie Policies: Businesses must update their cookie policies to provide users with clear, detailed information about cookie use. This should include the purpose of each cookie, the data it collects, and how long the data will be stored.
3. Implement Consent Management Platforms: Many businesses are turning to consent management platforms (CMPs) to handle cookie consent efficiently. A consent management platform provides the necessary tools to display cookie banners, manage user preferences, and store consent records for auditing purposes.
4. Regularly Monitor Compliance: Compliance with cookie consent requirements is not a one-time effort. Companies should regularly review their practices to ensure that they continue to meet legal requirements as the law evolves and as their websites change 

User Rights and Benefits

From a user perspective, the new cookie consent requirements offer greater control over personal data. Users now have the right to decide which cookies they want to allow and can opt out of intrusive tracking practices. This transparency builds trust between users and websites, as individuals feel more confident that their privacy is being respected.
The law also enhances user rights in other areas, such as the right to access data collected through cookies, the right to correct inaccurate data, and the right to request deletion of data that is no longer needed

User privacy in Chile

Chile’s new Personal Data Protection Law marks a turning point in how personal data is managed and protected in the country. With its robust cookie consent requirements, the law not only empowers users but also forces businesses to adopt more transparent and responsible data practices.

For companies, the law presents both challenges and opportunities. While adapting to the new requirements may involve upfront costs and efforts, compliance with the law can enhance a company’s reputation and foster customer trust in the long run. As data privacy becomes increasingly important in the global digital landscape, businesses that prioritize user privacy will likely emerge as leaders in their fields.

By understanding and complying with the new cookie consent requirements, both businesses and users can navigate the evolving digital environment more securely and confidently.