URUGUAY
Reported in 2021
Pillar Intermediary liability |
Sub-pillar User identity requirement
Mandatory SIM card registration
It is reported that Uruguay imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners, to activate a new prepaid SIM card.
Coverage Telecommunications sector
Sources
URUGUAY
N/A
Pillar Intermediary liability |
Sub-pillar Safe harbor for intermediaries for copyright infringement
Lack of intermediary liability framework in place for copyright infringements
It is reported that a basic legal framework on intermediary liability for copyright infringement is absent in Uruguay's law and jurisprudence.
Coverage Internet intermediaries
URUGUAY
Since February 2020
Since August 2008
Since August 2008
Pillar Domestic Data policies |
Sub-pillar Requirement to perform an impact assessment (DPIA) or have a data protection officer (DPO)
Decreto No. 64/020 (Decree 64/2020)
Law No. 18,331 - Law for the Protection of Personal Data (Ley No. 18.331 - Ley de Protección de Datos Personales)
Law No. 18,331 - Law for the Protection of Personal Data (Ley No. 18.331 - Ley de Protección de Datos Personales)
According to Art. 6 of Decree 64/2020, prior to the start of the processing, the controller and the processor shall carry out an assessment of the impact on the protection of personal data (DPIA) in certain circumstances.
According to Art. 10, the controller and the processor shall carry out an assessment of the DPIA, when the processing operations may:
- Use sensitive data as a core business.
- Project permanent or stable processing of the specially protected data referred to in Chapter IV of Law No. 18.331 of August 11, 2008, or of data related to the commission of criminal, civil, or administrative offenses.
- Involve an evaluation of personal aspects of the data subjects to create or use personal profiles, in particular by analyzing or predicting aspects related to their work performance, economic situation, health, personal preferences or interests, behavioral reliability, behavioral reliability, financial solvency, and location.
- To process data of groups of persons in a situation of special vulnerability and, in particular, of minors or persons with disabilities.
- Processing of large volumes of personal data.
- Transfer of personal data to other States or international organizations for which there is no adequate level of protection.
- Others determined by the Regulatory and Control Unit of Personal Data.
According to Art. 10, the controller and the processor shall carry out an assessment of the DPIA, when the processing operations may:
- Use sensitive data as a core business.
- Project permanent or stable processing of the specially protected data referred to in Chapter IV of Law No. 18.331 of August 11, 2008, or of data related to the commission of criminal, civil, or administrative offenses.
- Involve an evaluation of personal aspects of the data subjects to create or use personal profiles, in particular by analyzing or predicting aspects related to their work performance, economic situation, health, personal preferences or interests, behavioral reliability, behavioral reliability, financial solvency, and location.
- To process data of groups of persons in a situation of special vulnerability and, in particular, of minors or persons with disabilities.
- Processing of large volumes of personal data.
- Transfer of personal data to other States or international organizations for which there is no adequate level of protection.
- Others determined by the Regulatory and Control Unit of Personal Data.
Coverage Horizontal
URUGUAY
Since October 2018
Since May 2020
Since February 2020
Since May 2020
Since February 2020
Pillar Domestic Data policies |
Sub-pillar Requirement to perform an impact assessment (DPIA) or have a data protection officer (DPO)
Law No 19,670 - Approval of the Financial Statements and Balance Sheet of Budget Execution (Ley No. 19.670 - Aprobación de Rendición de Cuentas y Balance de Ejecución Presupuestal)
Resolution No. 32/20 - Executive Council of the Regulatory and Control Unit of Personal Data (Resolución 32/20 - Consejo Ejecutivo de la Unidad Reguladora y de Control de Datos Personales)
Decreto No. 64/020 (Decree 64/2020)
Resolution No. 32/20 - Executive Council of the Regulatory and Control Unit of Personal Data (Resolución 32/20 - Consejo Ejecutivo de la Unidad Reguladora y de Control de Datos Personales)
Decreto No. 64/020 (Decree 64/2020)
According to the Art. 40 of Law No 19,670 the appointment of a Data Protection Officer (DPO) is mandatory in the following cases: (i) public state or non-state entities, (ii) private or partially state-owned entities, (iii) private entities which process sensitive data as a core activity, and (iv) private entities which process large scales of data (Art. 10 of Decree 64/2020 establishes that large scales of data mean the data processing of more than 35,000 data subjects).
The appointment of a DPO must be submitted to the approval of the Regulatory Unit for the Control of Personal Data (URCDP). If the legal and technical requirements are not met, the Regulator is empowered to refuse or revoke (as the case may be) the submission/authorization to the appointed DPO, as set forth in Resolution No. 32/20. The delegate is responsible for advising the organizations they represent on compliance with the rules set forth in Law No. 18,331 on Personal Data Protection. In addition to this, they are also responsible for serving as the main point of contact with the URCDP, along with several other functions.
The appointment of a DPO must be submitted to the approval of the Regulatory Unit for the Control of Personal Data (URCDP). If the legal and technical requirements are not met, the Regulator is empowered to refuse or revoke (as the case may be) the submission/authorization to the appointed DPO, as set forth in Resolution No. 32/20. The delegate is responsible for advising the organizations they represent on compliance with the rules set forth in Law No. 18,331 on Personal Data Protection. In addition to this, they are also responsible for serving as the main point of contact with the URCDP, along with several other functions.
Coverage Horizontal
Sources
- https://www.impo.com.uy/bases/leyes/19670-2018
- https://www.gub.uy/unidad-reguladora-control-datos-personales/institucional/normativa/resolucion-n-32020
- https://www.impo.com.uy/bases/decretos/64-2020
- https://resourcehub.bakermckenzie.com/en/resources/data-privacy-security/latin-america/uruguay/topics/data-protection-officers
- Show more...
URUGUAY
Since August 2008
Pillar Domestic Data policies |
Sub-pillar Framework for data protection
Law No. 18,331 - Personal Data Protection Law (Ley No. 18.331 - Ley de Protección de Datos Personales)
Uruguay has a data protection framework established in Law No. 18.331 - Personal Data Protection Law.
Coverage Horizontal
URUGUAY
Since August 2008
Pillar Cross-border data policies |
Sub-pillar Conditional flow regime
Law No. 18,331 - Personal Data Protection Law (Ley No. 18.331 - Ley de Protección de Datos Personales)
According to Art. 23 of Law No. 18.331 - Personal Data Protection Law, the transfer of personal data to countries or international organizations that do not provide adequate levels of protection is prohibited. The prohibition shall not apply in the case of:
- International judicial cooperation, in accordance with the respective international instrument, whether Treaty or Convention, takes into account the case's circumstances;
- Exchange of medical data when so required by the affected person's treatment for public health or hygiene reasons;
- Banking or stock exchange transfers, in relation to the respective transactions and in accordance with the applicable legislation;
- Agreements within the framework of international treaties to which the Oriental Republic of Uruguay is a party;
- International cooperation between intelligence agencies in the fight against organized crime, terrorism fight against organized crime, terrorism, and drug trafficking.
- International judicial cooperation, in accordance with the respective international instrument, whether Treaty or Convention, takes into account the case's circumstances;
- Exchange of medical data when so required by the affected person's treatment for public health or hygiene reasons;
- Banking or stock exchange transfers, in relation to the respective transactions and in accordance with the applicable legislation;
- Agreements within the framework of international treaties to which the Oriental Republic of Uruguay is a party;
- International cooperation between intelligence agencies in the fight against organized crime, terrorism fight against organized crime, terrorism, and drug trafficking.
Coverage Horizontal
URUGUAY
Since October 2016
Pillar Cross-border data policies |
Sub-pillar Participation in trade agreements committing to open cross-border data flows
Participation to trade or regional agreements committing to open transfers of cross-border data flows
Uruguay has committed to open the transfer of cross-border data flows as part of the Free Trade Agreement between the Republic of Chile and the Oriental Republic of Uruguay.
In addition, the country has joined several trade agreements considered relevant to digital trade:
- Partial Scope Agreement Of Economic Complementation No. 57 Signed Between The Argentine Republic And The Oriental Republic Of Uruguay.
- Free Trade Agreement between the Oriental Republic of Uruguay and the Government of the United Mexican States.
- Economic Complementation Agreement signed between the Governments of the Argentine Republic, the Federative Republic of Brazil, the Republic of Paraguay and the Oriental Republic of Uruguay, Member States of Mercosur, and the Governments of the Republic of Colombia, the Republic of Ecuador and the Bolivarian Republic of Venezuela, Member Countries of the Andean Community.
- Economic Complementation Agreement subscribed between the Governments of the Republic of Argentina, the Federative Republic of Brazil, the Republic of Paraguay, the Oriental Republic of Uruguay, Mercosur Member States, and the Government of the Republic of Peru.
- Partial Scope Agreement between the Oriental Republic of Uruguay and the Bolivarian Republic of Venezuela.
In addition, the country has joined several trade agreements considered relevant to digital trade:
- Partial Scope Agreement Of Economic Complementation No. 57 Signed Between The Argentine Republic And The Oriental Republic Of Uruguay.
- Free Trade Agreement between the Oriental Republic of Uruguay and the Government of the United Mexican States.
- Economic Complementation Agreement signed between the Governments of the Argentine Republic, the Federative Republic of Brazil, the Republic of Paraguay and the Oriental Republic of Uruguay, Member States of Mercosur, and the Governments of the Republic of Colombia, the Republic of Ecuador and the Bolivarian Republic of Venezuela, Member Countries of the Andean Community.
- Economic Complementation Agreement subscribed between the Governments of the Republic of Argentina, the Federative Republic of Brazil, the Republic of Paraguay, the Oriental Republic of Uruguay, Mercosur Member States, and the Government of the Republic of Peru.
- Partial Scope Agreement between the Oriental Republic of Uruguay and the Bolivarian Republic of Venezuela.
Coverage Horizontal
URUGUAY
N/A
Pillar Telecom infrastructure and competition |
Sub-pillar Signature of the WTO Telecom Reference Paper
Lack of adoption of WTO Telecom Reference Paper
Uruguay has not appended the WTO Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector
URUGUAY
N/A
Pillar Telecom infrastructure and competition |
Sub-pillar Presence of independent telecom authority
Lack of independent telecom authority
According to national legislation (Law 17.296), the Regulatory Unit of Communications Services (URSEC) has been constituted as a decentralized state legal entity (decentralized public service). However, it is reported that Uruguay's regulatory entity has autonomy only for some decisions.
Coverage Telecommunications
URUGUAY
Since March 2003
Pillar Telecom infrastructure and competition |
Sub-pillar Other restrictions to operate in the telecom market
Telecommunications Licensing Regulations (Reglamento de Licencias de Telecomunicaciones)
Art. 16 of the Telecommunications Licensing Regulations requires licensees whose corporate purpose includes activities other than the provision of telecommunications services to keep separate accounts for the latter. Therefore, it is not required for operators with market power but only for activities other than telecommunications.
Coverage Telecommunications sector
URUGUAY
Since July 1974
Since Januray 2015
Since Januray 2015
Pillar Telecom infrastructure and competition |
Sub-pillar Other restrictions to operate in the telecom market
Decree-Law No. 14235: Law Creating ANATEL (Decreto Ley No. 14235: Ley de Creación de ANATEL)
Media Law
Media Law
Art. 6 of Law 14,235 establishes that the National Telecommunications Administration of Uruguay (ANTEL) has a monopoly on telecommunications services. As this law predates the Internet, it has generated uncertainty about the scope of ANTEL's monopoly. In practice, other companies have been operating in the market, although the operator never granted licenses to provide data transmission services until June 2022. The situation changed as a result of a court ruling in 2016. Following an appeal by a group of companies, the Uruguayan Court of Justice declared Art. 56 of the 2015 Media Law invalid, thus allowing holders of audiovisual communication services to apply for licenses to provide broadband and Internet access services.
Coverage Telecommunications sector
URUGUAY
Since July 1974
Pillar Telecom infrastructure and competition |
Sub-pillar Presence of shares owned by the government in telecom companies
Decree-Law No. 14235: Law Creating ANATEL (Decreto Ley No. 14235: Ley de Creación de ANATEL)
Pursuant to Art. 1 of Law 14,235, the National Telecommunications Administration of Uruguay (ANTEL) is a decentralized public service and the company is fully state-owned.
Coverage Telecommunications sector
URUGUAY
N/A
Pillar Telecom infrastructure and competition |
Sub-pillar Functional/accounting separation for operators with significant market power
Lack of mandatory functional and accounting separation for dominant network operators
It is reported that Uruguay does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.
Coverage Telecommunications sector
URUGUAY
N/A
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Effective protection covering trade secrets
Lack of regulatory framework covering trade secrets
Uruguay has no rules applicable to the protection of trade secrets. It is reported that the Uruguayan legal system does not have a single reference to business or trade secrets, nor does the legal system have a law on unfair competition in which to include its regulation.
Coverage Horizontal
URUGUAY
N/A
Pillar Telecom infrastructure and competition |
Sub-pillar Passive infrastructure sharing obligation
Lack of passive infrastructure sharing obligation
It is reported that passive sharing of infrastructure in the telecom market is not mandated, but it is practiced in the mobile sector based on commercial agreements. However, in the fixed sector is not mandated nor practiced.
Coverage Telecommunications sector