Uruguay: URCDP issues recommendations for using messaging applications
The Uruguayan data protection authority ('URCDP') published, on 17 June 2021, a set of recommendations for managers, developers, and data holders for the use of messaging applications, in accordance with the rules on personal data protection. In particular, the recommendations state that for companies that provide services or products and use messaging applications:
- the use of messaging apps to communicate with users must be done with the user's prior express written consent;
- the use of messaging apps must be carried out in accordance with the principles of protection of personal data and adequate security;
- less intrusive privacy options must be given to data holders to communicate with the company;
- liability for the use of non-compliant messaging apps remains the responsibility of the company;
- the use of third-party service and apps does not exempt organisations from informing data holders of privacy policies; and
- being outside of Uruguay does not exempt companies from compliance with Article 37 of Law No. 19.670 of 15 October 2018.
Furthermore, in relation to messaging application providers, the recommendations highlight the following:
- application development must be carried out within the current framework of data protection regulations;
- end-to-end message encryption is a recommended measure in the exercise of proactive responsibility;
- data holders must be provided with all purposes for the use of the application and consequences and options for such a choice; and
- privacy policies must be clear and comprehensive.
You can read the recommendations, only available in Spanish here.