¿Quién Defiende Tus Datos?: Four Years Setting The Bar for Privacy Protections in Latin America and Spain

Four years have passed since our partners first published Who Defends Your Data (¿Quién Defiende Tus Datos?), a report that holds ISPs accountable for their privacy policies and processes in eight Latin America countries and Spain. Since then, we’ve seen major technology companies providing more transparency about how and when they divulge their users’ data to the government. This shift has been fueled in large part by public attention in local media. The project started in 2015 in Colombia, Mexico, and Peru, joined by Brazil in 2016, Chile and Paraguay in 2017, Argentina and Spain in 2018, and Panama this year.

When we started in 2015, none of the ISPs in the three countries surveyed had published transparency reports or any aggregate data about the number of data requests they received from governments. By 2019, the larger global companies with a regional presence in the nine countries surveyed are now doing this. This is a big victory for transparency, accountability, and users’ rights.

Telefónica (Movistar/Vivo), a global company with a local presence in Spain and in 15 countries in Latin America, has been leading the way in the region, closely followed by Millicom (Tigo) with offices in seven countries in South and Central America. Far behind is Claro (America Movil) with offices in 16 countries in the region. Surprisingly, in one country, Chile, the small ISP WOM! has also stood out for its excellent transparency reporting.

Telefonica publishes transparency reports in each of the countries we surveyed, while Millicom (Tigo) publishes transparency reports with data aggregated per specific region. In South America, Millicom (Tigo) publishes aggregate data for Bolivia, Colombia, and Paraguay. In 2018, Millicom (Tigo) also published a comprehensive Transparency report for Colombia only. While Claro (America Movil) operates in 16 countries in the region, it has only published a transparency report in one of the countries we surveyed, Chile. Chilean ISPs such as WOM!, VTR, and Entel have all also published their own transparency reports. In Brazil, however, Telefónica (Vivo) is the only Brazilian company that has published a transparency report.

All of the reports still have plenty of room for improvement. The level of information disclosed varies significantly company-by-company, and even country-by-country. Telefónica usually discloses a separate aggregate number for different types of government requests—such as wiretapping, metadata, service suspension, content blocking and filtering—in their transparency report. But for Argentina, Telefónica only provides a single aggregate figure that covers every kind of request. And in Brazil, for example, Telefónica Brazil has not published the number of government requests it accepts or rejects,  although it has published that information in other countries.

Companies have also adopted other voluntary standards in the region, like publishing their law enforcement guidelines for government data demands. For example, Telefónica provides an overview of the company's global procedure when dealing with government data requests. But four other companies, who operate in Chile, publish more precise guidelines adapted only to that country's legal frameworks including the small ISP WOM! and Entel, the largest national telecom company.

A