In the Americas, data protection laws define what constitutes “sensitive” personal data using common elements.

Moreover, the concept of sensitive personal data in the Americas largely aligns with the special categories of personal data that are protected under the European Union's General Data Protection Regulation.

Each country has specific measures to protect sensitive personal data, but these vary in nature and scope across the region. Such measures include restricting the legal grounds available for processing sensitive personal data and imposing additional security and transparency obligations.

Additionally, many countries in the Americas share two requirements for collecting and processing data from minors:

• ensuring the data processing takes place only if it is in the best interests of the minor; and
• requiring consent from the parents or legal guardians before processing a minor’s data.

These are among the main findings from Cullen International’s new benchmark covering how eight countries in the Americas protect sensitive data and the personal data of minors.

For more information and access to the benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Americas Digital Economy service.