Peru - PDPL (Personal Data Protection Law)

What is PDPL in Peru? How it works?

The Personal Data Protection Law N° 29733 (PDPL) was passed in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS was issued as the Regulation of the PDLP, aiming to elaborate, clarify, and expand on the PDPL requirements, providing specific rules, terms, and provisions for data protection. Together, the PDLP and its Regulation form the primary data protection laws in Peru.

The PDPL does not explicitly address online privacy aspects like cookies and location data. However, it applies when personal data is collected and processed through these means. One of the main responsibilities of data processors/controllers is to process personal data only after obtaining prior, informed, explicit, and unequivocal consent from the data subject, unless an authoritative law allows data collection without consent for national security or Peruvian state interests. In the case of sensitive data, consent for processing must also be given in writing. The data subject retains the right to revoke their consent at any time, subject to the same requirements as when they initially provided consent.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

Do i need a Cookie Banner in Peru?

Taking into account that according to the PDPL, websites must obtain explicit consent and inform users about the cookies used, if you want to comply with this regulation, your banner should have the following characteristics:

• Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies.
• Include a Button to Reject Cookies: Although it does not specifically clarify a button as in other cases, we must provide an opt-out option that “takes effect immediately and is consistent.”
• Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
• Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
• Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
• Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection. 

Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"