January 28: International Data Protection Day

Every January 28th, International Data Protection Day calls us to critical reflection: in a hyper-connected economy, the security of our information is not only a right, but a strategic asset. In the current context, where personal data is considered the "new oil," its ethical and secure management is the only real defense against a cybercrime ecosystem that is evolving at an unprecedented pace.

In our region, the outlook is challenging. While cyber incidents are on the rise, countries like Costa Rica and the Dominican Republic are leading the way in updating their legal frameworks, while the rest of Central America is accelerating its regulatory modernization. This progress aims to protect citizens' digital sovereignty and generate the trust necessary for the growth of e-commerce.

Today, data protection is a mandatory digital skill. Preventive measures alone are not enough; it is essential to understand that privacy is a shared responsibility. Navigating cyberspace safely requires knowing our rights and the obligations of the entities that safeguard our information.

To delve deeper into the current state of information security, we analyze below the key questions that define privacy in our regional environment.

Why is International Data Protection Day commemorated and what is its importance in cybersecurity?

The “International Data Protection Day” is celebrated on this date commemorating the opening for signature of Convention 108 in 1981 , known as the first international treaty on data protection and which was an initiative of the Council of Europe.

The protection of personal data not only safeguards the human right to privacy, but also prevents violations that could result in serious consequences, such as identity theft or financial fraud.

Regarding Generative AI and similar technologies, what are the main data protection concerns?

The main concerns revolve around three fundamental axes:

• Privacy: AI systems can collect and process large amounts of personal data, increasing the risk of violations of this right.
• Transparency: Lack of clarity in the operation and decision-making process of AI can lead to inequalities and algorithmic discrimination.
• Security: Due to the large amount of data it processes, AI has become a very attractive target for cybercrime.

It is essential that the world's legislation be updated and be able to provide mechanisms to address the problems arising from the use of this technology. Several questions remain, as it is often unclear which country or state should judge damages caused by AI or who is ultimately responsible.

What is happening with regulations around the world, and what is the regulatory direction?

At the international level, we are seeing a strong regulatory process, with key initiatives including:

• European Union: The AI ​​Act.
• United States: The Blueprint for an AI Bill of Rights and the AI ​​Act.
• Global Level (UN): Through UNICEF, legislation has been promoted through recommendations since 2021.
• Latin America: We have seen the first regulations, such as Peru's. More recently, the Latin American Parliament (PARLATINO) has issued a model law that will serve as inspiration for member countries.

What can we expect this year in terms of regulatory trends?

This year, beyond AI and data protection as such, we expect progress on exclusive cybersecurity standards at the organizational and technological level.

This is because, given the growth of cybercrime, cybersecurity has become an essential part of the functioning of any organization, and that is why its regulation is of priority interest.