Influenced by the European regulatory data protection laws (GDPR), like all Latin American regulations on privacy, Panama implemented a new Data Protection Law. One big difference: Panama imposes much lower fines for breaching this new data protection law, to a maximum of 10.000 USD.
There are several differences, says Mauricio París, partner at ECIJA Central America & the Caribbean in an interesting analysis of the Panamanian Data Protection Law.
Some evident omissions? The Panamanian law does not apply to:
- Personal data processing done within Panamanian territory by a person not domiciled in Panama.
- Data processing for financial intelligence analysis. In a country with highly developed financial services, the exclusion of a considerable amount of personal data processing from the protection standards is astonishing, particularly given the indeterminate and broad nature of the concept of financial intelligence.
Mauricio París also signalises how the Panamanian legislation did not follow GDPR in terms of fixing the fines derived from breaching its provisions. While in Europe these fines can reach twenty million euros, or 4% of the annual income of a company, in Panama the maximum fine is ten thousand balboas (equivalent to the US dollar).
Although the economic realities in Panama and the European Union are significant, such low fines discourage compliance. It’s the same in Costa Rica, knows Mauricio Paris, who is based in Costa Rica. It is cheaper for companies to include the cost of paying fines in their budgets, rather than take all the necessary measures to comply with the law.
In this article, Mauricio París comments on the Panama Data Protection Law and highlights the most important parts of it.