The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru
approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a
Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a
Digital Agenda in 2021 for Digital Transformation.
Brazil’s 2020 National Cybersecurity Strategy (
E-Ciber) outlines ten strategic actions to be undertaken in relation to cyber resilience, which include the extension of international cooperation and the enhancement of protection for critical infrastructure. The Strategy pledges Brazil to encourage international cooperation in cybersecurity, participate in joint cyber resilience events and exercises, and expand cybersecurity cooperation agreements. On the level of discourse, Brazil remains committed to international cyber cooperation in resilience, staying true to its traditional stance in favour of multilateral solutions.
Resilience constitutes one of the central objectives of Japan’s
2018 Cybersecurity Strategy, whose core components include international cooperation in sharing expertise and coordination of policies, incidence response, and cyber capacity-building (CCB). Japan has traditionally
argued that global initiatives are required to reduce cybersecurity vulnerabilities and has advocated for a tailor-made approach that takes into account the national situation of recipient countries and the importance of national ownership.
Japan recognises the ‘trickle-up’ effect of national initiatives,
stating that CCB “not only improves the capabilities of the recipient country, but also directly leads to enhanced security and stability in cyberspace as a whole”; in that sense, it disfavours the understanding of CCB as a “common but differentiated responsibility”, believing that such a view “does not fit the context” of international cyber cooperation. As a result, the country has assumed a balanced approach to CCB. On the one hand, it has successfully utilised multilateral fora such as the G7 and G20 summits to promote its own normative standards.
At the G7 Ise-Shina Summit in May 2016, for instance, Japan introduced the
Ise-Shima Principles, which included the enhancement of cooperation on CCB. On the other hand, Japan considers its own security and that of its nationals as intrinsically tied to the cyber capabilities of developing countries, since attacks on the IT infrastructure of regional partners can adversely affect Japanese trade. Japan has thus acted primarily through ASEAN to promote regional capacity-building efforts.