Refusal to re-enroll a student in a private Catholic school in Paraguay's capital, Asunción, clearly highlights what happens when companies exchange and do business with personal data. According to press reports, the family had been paying their school fees on time, but were denied re-enrollment because they were on a creditor's black list as guarantors on a defaulted loan.
The data was stored by Informconf, a private company whose database is filled with the commercial activities of half of Paraguay's population, with black lists that don't require a debt minimum to appear on it.
The parents of the child reported the situation as discriminatory, and although the education ministry agreed, no further actions were taken against the school. Apparently, Catholic institutions are regulated by the archbishop and, as a result, don't answer to the State, even if these schools are allegedly responsible for discrimination against a minor.
This financial information is not only accessed by private schools or credit agencies, but also potential employers. As a result, and in spite of the existence of a law approved to avoid precisely this kind of discrimination, people in debt have a harder time finding work and a harder time paying back their loans.
— El Surtidor (@elsurti) July 11, 2017
In the image: Discriminated against for being on [Informconf's database]. Informconf manages data from half of Paraguay's commercial activities. There's no minimum amount to be on the default list. With this data, companies make decisions on whether or not to give loans and evaluate potential employees. In the tweet: This is just one of the ways in which private companies use data daily to discriminate against people. Find out more [in the link].
Even your health data might not be safe
In 2016, a young man reported being expelled from the Military Academy for being HIV positive. After being the victim of mistreatment and humiliation from his superiors, he was forced to resign from the academy.
Despite its prohibition in 2009, between 2012 and 2016, 27 companies have been accused of demanding HIV tests from their workers. Some of them even ran these tests without knowledge or consent from their employees during routine analyses.
Entre varios problemas, uno de los principales que cita el informe es la carencia total de legislación que proteja los datos personales de la ciudadanía, lo que se considera una omisión grave en el cumplimiento de los estándares internacionales de derechos humanos. Además, los estándares locales para la intervención de las comunicaciones privadas no cumplen con los principios de necesidad y proporcionalidad ni con las garantías judiciales exigidas por la normativa internacional. Esta situación de vulnerabilidad se agrava ante una amplia concesión de ambiguas potestades a organismos como el Servicio Nacional de Inteligencia (SINAI), bajo el argumento de la “seguridad nacional”.
Among many other issues, one of the most important problems cited by the report, is the total lack of legislation made to protect citizen's personal data, which is considered to be a grave omission in the compliance of international standards for human rights. Moreover, local standards surrounding the monitoring of private communications comply neither with the principles of necessity and proportionality nor with judicial guarantees demanded by international norms. This situation of vulnerability gets worse with the wide concessions that are given to organisms like the National Service of Intelligence which use the argument of “national security”.