More and more, we receive inquiries about data privacy protection mechanisms. So we have to ask, what is the relationship between intellectual property and personal data? Is there a link between the two? In our opinion, the answer is yes, and this relationship could be found in the human character of both.
It is well known that we are all entitled to the protection of our intellectual property as well as to the protection of the privacy of our data. While they might be thought to be separate, unrelated issues, both matters protect something intrinsic and personal about each other: intellectual property rights protect unique and original creations made by a human being, while our private data protects information that identifies us as human beings in society and results in data that we create on a daily basis.
Our data reflects who we are, what we do, what we like, what we have and what we want.
Thus, our data is inherent to us – private and intimate, as is any original creation that we protect via intellectual property. There is, then, a connection between intellectual property rights and the right to the protection of our personal data. It should be our will that determines whether we want to share our tastes, our economic situation, our health, our preferences, or our mood.
No one can appropriate an intellectual property right, just as no one should use someone’s personal data without their consent for commercial purposes or the benefit of others.
The current times and the development of technology have determined that in almost all countries of the world there is already specific legislation regarding the processing of personal data preventing commercial exploitation of personal information.
In Peru, the Personal Data Protection Law has been in place since 2011 and has recently been published an amendment to the Regulation of the Law, which establishes more stringent protection parameters such as that companies must appoint a Personal Data Officer, that the use of personal data in advertising cannot be given more than once without the express consent of the person, that in case of a security incident with respect to personal databases, the company must communicate it to the Authority within 48 hours, among many other novelties and obligations.
The legislation is there; the data – constantly updated – is there, too. Now all that remains is for the right and ethical use of it.
Let’s treat the information and data of users, as coming from people, with due respect and consent before processing their information, in the same way as it has been promoted for many decades, that the use of brands, creations and technologies, is always given with the authorization of their creators.
Authors: Magali Garcia and Jorge Allende
Peru
