Compliance Guide — Chile

Employee Monitoring Laws in Chile: Law 21.719 Takes Effect in 2026 — What Employers Must Know

Chile's employee monitoring laws are governed by Labor Code Article 154 bis and the outgoing Law 19.628. On December 1, 2026, the landmark Law 21.719 — Chile's first GDPR-caliber data protection law — transforms the compliance landscape entirely. This guide explains what the current rules require, what changes under the new law, and what every employer operating in Chile must do before the deadline.

Download Policy Template Book a Compliance Demo

Last updated: April 2026. This page is for informational purposes only and does not constitute legal advice.

eMonitor compliance dashboard showing Chile Law 21.719 monitoring policy settings

December 1, 2026 Deadline: Law 21.719 Takes Full Effect

Chile's comprehensive data protection law imposes fines up to 5,000 UTM (~$350,000 USD) for serious monitoring violations. Employers who have not audited their monitoring practices, updated employment contracts, and established employee rights request processes before this date face significant legal and financial exposure. The new autonomous Agencia de Proteccion de Datos Personales will begin formal enforcement operations on the same date.

What This Guide Covers

The Current Legal Framework: What Chilean Employee Monitoring Law Looks Like Today

Before examining what changes in December 2026, it is essential to understand the existing rules — because they remain fully in force until Law 21.719 takes effect and some obligations carry forward into the new regime.

Law 19.628: Chile's Original Data Protection Act (1999)

Law 19.628, enacted in 1999, is Chile's foundational data protection statute. For over two decades it has governed how organizations collect, store, and use personal data — including data generated through employee monitoring. The law requires informed consent as the primary basis for processing personal data, mandates that data be used only for the purpose it was collected, and gives data subjects the right to access and correct their records.

Law 19.628's weakness is structural: it predates smartphones, cloud computing, and any modern conception of workplace monitoring. It lacks a dedicated supervisory authority with real enforcement power, and its consent-based framework has proven difficult to apply in employment relationships where consent cannot meaningfully be said to be free. This is precisely why Law 21.719 was enacted — to bring Chile's framework into alignment with global standards.

Law 19.628 remains in force until December 1, 2026. Employers must continue to comply with its requirements while simultaneously preparing for the transition.

Labor Code Article 154 bis: The Workplace Monitoring Provision

Article 154 bis of Chile's Labor Code (Código del Trabajo) is the primary statute governing workplace monitoring in Chile today. It establishes three binding requirements for all employers:

  • Respect for privacy and dignity: Employers must respect the fundamental rights, privacy, and dignity of employees at all times. Monitoring that demeans, humiliates, or disproportionately intrudes on personal life violates this provision regardless of business justification.
  • Prior written notice: Employers must notify employees before implementing any monitoring system. Notice must be specific enough that employees understand what is being tracked, how data is used, and who has access. Covert monitoring without prior notice is unlawful under Article 154 bis.
  • Proportionality: Monitoring must be proportional to the legitimate business objective it serves. Capturing screen recordings every 5 minutes for a data entry team may be proportional for quality assurance. The same approach applied to a human resources professional handling sensitive personnel files requires a more careful proportionality assessment.

Article 154 bis also contains an absolute prohibition on monitoring in private spaces: bathrooms, changing rooms, break rooms, and any other area where employees have a reasonable expectation of complete privacy. Audio or video surveillance in these spaces is illegal regardless of any claimed business purpose.

The Labor Directorate (Dirección del Trabajo)

The Dirección del Trabajo is Chile's administrative labor law enforcement body. It has historically been the primary avenue for employee complaints about unlawful monitoring practices. The Labor Directorate has issued a series of administrative rulings (dictamenes) on monitoring cases, and its interpretations carry significant weight in court proceedings. A representative sample of its positions:

  • Email monitoring on employer-provided accounts is permissible with prior written notice, but reading personal webmail is not.
  • GPS tracking of company vehicles during work hours is lawful, but tracking employee location outside working hours is not.
  • Keystroke logging that measures activity intensity (as opposed to capturing personal content) is consistent with Article 154 bis when employees are notified.

After December 2026, the new Agencia de Protección de Datos Personales assumes data protection enforcement responsibility, while the Labor Directorate retains jurisdiction over labor law violations.

Law 21.719: Everything That Changes on December 1, 2026

Law 21.719 is Chile's most significant legislative development in privacy law in 27 years. Modeled explicitly on the EU GDPR and incorporating lessons from Brazil's LGPD (enacted in 2018), it replaces the fragile consent-only framework of Law 19.628 with a modern, multi-basis regime backed by meaningful enforcement infrastructure.

For employers engaged in employee monitoring, the changes are substantial. Here is what takes effect on December 1, 2026.

1. The New Agencia de Protección de Datos Personales

Law 21.719 creates an autonomous Data Protection Agency — the Agencia de Protección de Datos Personales (APDP) — for the first time in Chilean history. Unlike Law 19.628, which relied on courts and an under-resourced administrative framework, the APDP has direct powers to:

  • Receive and investigate complaints from employees about monitoring violations
  • Conduct audits of employer data processing practices
  • Issue binding guidance and interpretations
  • Impose fines and remediation orders
  • Publish enforcement decisions (with reputational consequences for named employers)

The APDP begins formal enforcement operations on December 1, 2026. Employers should not assume a "grace period" of light enforcement — Chilean legal commentators note that the agency has strong incentives to establish credibility through early action.

2. A Graduated Fine Structure With Real Consequences

Law 21.719 introduces a three-tier penalty system denominated in UTM (Unidad Tributaria Mensual), Chile's indexed tax unit:

Violation Category Maximum Fine Approximate USD Equivalent
Minor violations (procedural) 100 UTM ~$7,000
Serious violations (unauthorized processing, failure to notify) 1,000 UTM ~$70,000
Gravely serious violations (mass unauthorized processing, intentional breach) 5,000 UTM ~$350,000

Beyond fines, Law 21.719 introduces criminal liability for individuals who intentionally and unlawfully process personal data, including those who direct or authorize unlawful monitoring practices. HR directors and IT security managers should be aware that personal exposure is possible, not just corporate liability.

3. Multiple Lawful Bases Replace Consent-Centricity

Under Law 19.628, informed consent was the primary — and in many practical contexts, only — lawful basis for processing personal data. Law 21.719 introduces a broader range of lawful bases, mirroring the GDPR's Article 6 approach. For employee monitoring, the two most relevant are:

  • Legitimate interest: Employers may process employee data without consent when they have a documented legitimate interest that is proportionate to the privacy impact on employees. For most workplace monitoring — productivity tracking, security logging, attendance recording — legitimate interest will be the appropriate basis.
  • Contractual necessity: Processing necessary for the execution of the employment contract itself. Time tracking to calculate wages, attendance records for payroll, and project-level time allocation for billing purposes may qualify.

Importantly, consent remains available but is generally inadvisable as the primary basis for employment monitoring. The power imbalance between employer and employee means consent may not be freely given — and consent can be withdrawn at any time, creating operational instability. Chilean legal practitioners overwhelmingly recommend legitimate interest, supported by a documented Legitimate Interest Assessment.

4. Data Minimization and Purpose Limitation

Law 21.719 codifies two principles that are particularly consequential for workplace monitoring:

  • Data minimization: Collect only personal data that is strictly necessary for the documented monitoring purpose. Capturing full keyboard content when you only need activity intensity levels, or storing screenshots indefinitely when 30 days would suffice, violates this principle.
  • Purpose limitation: Data collected for one purpose (e.g., productivity tracking) cannot be repurposed without a new lawful basis (e.g., using productivity data in a disciplinary proceeding requires an explicit policy stating that purpose).

Employers should audit their monitoring tools against both principles before the December deadline. Any data collected that cannot be justified by a documented, current purpose should be deleted.

5. Mandatory Data Retention Schedules

Law 21.719 requires that personal data — including monitoring data — be deleted once the processing purpose has been fulfilled. Employers must establish and document formal data retention schedules. A practical framework:

  • Productivity and activity logs: 12 months from collection, unless needed for active disciplinary or legal proceedings
  • Screenshot and screen recording data: 30–90 days unless retained for documented compliance or quality assurance purposes
  • Attendance and time records: 5 years, aligning with Chile's labor claim statute of limitations
  • Security and DLP logs: 12–24 months, depending on regulatory requirements in your industry

Which Lawful Basis Should Chilean Employers Use for Employee Monitoring?

Choosing the right lawful basis is the most consequential compliance decision an employer makes before December 2026. The wrong choice — particularly an over-reliance on consent — creates legal instability and enforcement exposure.

Legitimate Interest: The Recommended Basis for Most Monitoring

For the majority of employee monitoring activities, legitimate interest is the most legally sound and operationally stable basis. To rely on legitimate interest, employers must complete a three-part analysis:

  1. Identify the legitimate interest: Be specific. "Business efficiency" is not sufficient. "Preventing data exfiltration through USB devices in a financial services environment" is. "Ensuring client billing accuracy through project-level time allocation" is.
  2. Necessity assessment: Demonstrate that the monitoring is necessary to achieve the stated interest and that less intrusive alternatives would not achieve the same result.
  3. Balancing test: Confirm that the privacy impact on employees does not override the employer's legitimate interest. Factors include: the sensitivity of the data collected, whether employees are notified, whether the monitoring extends to private activities, and whether the data is protected with appropriate security measures.

This three-part analysis should be documented in writing — a Legitimate Interest Assessment (LIA) — and retained for inspection by the APDP on request.

Contractual Necessity: When It Applies

Contractual necessity applies when processing is genuinely required to fulfill the employment contract itself. Time tracking for wage calculation qualifies. Screenshot monitoring for quality assurance does not — it goes beyond what the contract strictly requires. Use contractual necessity selectively and always have legitimate interest as a backup basis.

Why Consent Is Not the Right Answer

Chilean employment law scholars and Law 21.719's legislative history both flag the problem of consent in employment contexts. An employee who refuses consent to monitoring may reasonably fear that refusal will affect their standing with the employer. This coercive dynamic means consent cannot be considered freely given — a requirement under the law — making consent-based monitoring vulnerable to challenge. Employers who have built their current monitoring policies around Law 19.628 consent requirements need to transition to a legitimate interest framework before December 2026.

New Employee Data Rights Under Law 21.719: What Employers Must Prepare For

Law 21.719 grants Chilean employees four rights that did not exist meaningfully under Law 19.628. From December 2026, employees can exercise these rights at any time, and employers must have processes in place to respond within legally mandated timeframes.

Right of Access

Employees can request a copy of all personal data the employer holds about them — including monitoring records. An access request might ask for all productivity scores, screenshot logs, activity tracking records, and attendance data from the past 12 months. Employers must respond within the timeframe specified by the APDP (expected to align with GDPR's 30-day standard) and provide the data in an intelligible format. This means employers need to know exactly what data they hold, where it is stored, and how to extract it per individual on short notice.

Right to Rectification

If an employee believes monitoring data about them is inaccurate — for example, that their activity score was affected by a system error during a documented network outage — they can request correction. Employers need a documented review process for evaluating rectification requests and making corrections where warranted.

Right to Deletion

Employees can request deletion of data collected without a valid lawful basis or retained beyond the specified retention period. This right is particularly relevant for employers who currently retain monitoring data indefinitely without a documented retention policy. The deletion right does not apply when data is required for legal proceedings or legal obligations — but employers must be able to invoke that exception with specific justification, not as a blanket refusal.

Right to Data Portability

This is the most operationally novel right for most Chilean employers. Employees can request their data in a structured, commonly used, machine-readable format. For monitoring data, this means an employer must be able to export an employee's time records, productivity data, and attendance history in a format that could theoretically be transferred to another system. This requirement will affect how employers configure their monitoring platforms and data storage architecture.

Right to Object to Processing

Where the lawful basis is legitimate interest, employees retain the right to object to processing on grounds relating to their particular situation. The employer can override the objection if it has compelling legitimate grounds that override the employee's interests. Employers should have a formal objection review process ready to deploy before December 2026.

Is Your Monitoring Practice Ready for December 2026?

eMonitor's compliance-ready platform includes configurable data retention, employee-facing dashboards that fulfill access rights, and built-in policy management. Trusted by 1,000+ companies worldwide.

Start Free Trial Download Consent & Notice Templates

When Is a Data Protection Officer or DPIA Required Under Law 21.719?

Two of Law 21.719's most practically significant requirements for larger employers are the Data Protection Officer (DPO) obligation and the Data Protection Impact Assessment (DPIA) requirement. Understanding when each applies determines a major portion of your compliance workload.

Data Protection Officer (DPO)

Law 21.719 requires organizations to appoint a DPO when they engage in large-scale or high-risk processing of personal data as a core activity. For employers, the DPO obligation is most likely triggered when:

  • You conduct systematic, large-scale monitoring of employees — for example, a BPO operation monitoring hundreds of agents' screens, calls, and keystrokes continuously
  • You process biometric data for access control or attendance purposes (fingerprints, facial recognition)
  • You use AI-powered behavioral analytics to profile employees, predict attrition, or score engagement at scale
  • You operate across multiple jurisdictions and Chile is a significant part of your workforce

The DPO must have expert knowledge of data protection law, act independently (cannot be subject to conflicts of interest), and serve as the point of contact for employees exercising their rights and for the APDP. The role can be filled by an internal employee or an external specialist. For companies below the threshold, a named Privacy Contact fulfilling similar coordination functions is a practical alternative.

Data Protection Impact Assessment (DPIA)

A DPIA is a formal risk assessment that must precede the launch of any new monitoring system or significant change to existing monitoring that involves high-risk processing. Monitoring activities likely to require a DPIA include:

  • Continuous or near-continuous screen recording of employees
  • AI-based behavioral profiling that scores employees and drives HR decisions
  • Monitoring of employee communications (email content analysis, messaging platform monitoring)
  • Collection and processing of biometric data for any purpose
  • Keystroke content logging (distinct from keystroke intensity measurement)

A DPIA must identify the risks, assess their likelihood and severity, identify mitigation measures, and document the residual risk. Where a DPIA reveals risks that cannot be adequately mitigated, the APDP must be consulted before the processing begins. Employers who already conduct certain high-risk monitoring activities should complete retrospective DPIAs before the December 2026 deadline and be prepared to share them with the APDP on request.

What Employee Monitoring Is Prohibited in Chile?

Both the current framework and Law 21.719 draw clear lines that no employer may cross, regardless of business justification.

Monitoring in Private Spaces (Absolute Prohibition)

Labor Code Article 154 bis absolutely prohibits monitoring of any kind in bathrooms, changing rooms, break areas, nursing rooms, and any space designated for employees' personal or physiological needs. This prohibition carries over in full under Law 21.719. Violation is both a labor law offense (reportable to the Labor Directorate) and a data protection offense (reportable to the APDP). Criminal consequences are possible for individuals who direct the installation of covert surveillance in these areas.

Covert Monitoring Without Prior Notice

Monitoring employees without prior written notice violates Article 154 bis and, after December 2026, the transparency requirements of Law 21.719. The requirement for notice does not mean employees must individually sign consent forms — a clear, specific written policy communicated to all employees and incorporated into the internal workplace regulations satisfies the notice obligation. However, notice must be genuine: a single buried paragraph in a lengthy onboarding document is unlikely to satisfy Law 21.719's transparency standard.

Monitoring Personal Devices Without Documented Consent

Extending monitoring to personally owned devices — employees' own laptops, personal smartphones used for work — is legally fraught. Under both current and future Chilean law, monitoring personal equipment requires a specific, documented basis separate from any general monitoring policy. A formal BYOD (Bring Your Own Device) policy reviewed by Chilean employment law counsel, with employees' specific informed acknowledgment, is the minimum requirement. Technical solutions that create a managed work container on personal devices, and restrict monitoring to that container, reduce legal risk substantially.

Processing Data Beyond Its Stated Purpose

Using monitoring data for purposes beyond what was disclosed at the time of collection will violate Law 21.719's purpose limitation principle. If your monitoring policy says productivity data is used for performance management, using that data to investigate an employee's suspected involvement in data theft requires a documented re-assessment of the processing purpose and notification to the employee (subject to exceptions for ongoing investigations where notification would prejudice the inquiry).

Indefinite Data Retention

Retaining monitoring data indefinitely — a common practice under Law 19.628's weak enforcement — will constitute a violation under Law 21.719 from December 2026. Employers must establish and enforce documented retention schedules before the deadline. Data retained without a current, documented justification must be securely deleted.

Does Chile's Employee Monitoring Law Apply to Remote and Hybrid Workers?

Yes. Both the current framework and Law 21.719 apply equally to employees working from home, in hybrid arrangements, or in other remote settings. Chile's telecommuting law (Law 21.220, enacted in 2020) addressed remote work conditions and reinforced that remote employees retain the same privacy rights as in-office employees.

Specific Considerations for Remote Employee Monitoring in Chile

Several issues become more acute in a remote monitoring context under Chilean law:

  • The home as a private space: A home office is a private residential space. While monitoring work activity on company equipment during agreed work hours is lawful, any monitoring that captures images, audio, or activity beyond the employee's work session encroaches on their home privacy — a more sensitive zone than a company break room.
  • Work hours boundaries: Monitoring must be limited to contracted working hours. Remote work creates ambiguity about where the workday ends — particularly for employees in flexible or results-based arrangements. Monitoring outside agreed working hours is disproportionate and likely unlawful.
  • Video monitoring: Requiring remote employees to maintain cameras on during work hours is a growing area of legal debate in Chile. Chilean labor commentators generally consider mandatory continuous video monitoring of employees in their homes to be disproportionate under Article 154 bis. Spot checks for video calls are different from continuous background video recording.

For employers managing Chilean nearshore or offshore teams, our nearshore and offshore team monitoring guide covers the additional complexity of managing cross-border monitoring compliance.

Remote Work Monitoring Policy: What to Include

A written remote work monitoring policy reviewed against Law 21.719 standards should specify:

  • Exactly which monitoring tools are installed on which devices
  • What data is collected (application usage, time tracking, productivity scoring, screenshots) and what is explicitly not collected (personal browsing during breaks, home environment video)
  • The hours during which monitoring is active
  • How data is stored, who has access, and for how long
  • How employees can exercise their access, rectification, deletion, and portability rights
  • Who to contact with concerns or objections

This policy should be a standalone document rather than buried in the general employment contract. Use eMonitor's employee monitoring policy template as a starting point and have it reviewed by Chilean employment law counsel before the December 2026 deadline.

Chile in Latin American Context: How Law 21.719 Compares to Brazil's LGPD and Argentina

Chile's Law 21.719 does not exist in isolation. It is part of a broader regional convergence toward GDPR-standard data protection that is transforming privacy compliance across Latin America. Understanding where Chile sits in this landscape matters for multinationals managing regional workforces.

Chile vs Brazil: Two GDPR-Inspired Frameworks

Brazil's Lei Geral de Proteção de Dados (LGPD), effective from 2020, was the first major GDPR-aligned framework in Latin America and has directly influenced Chile's Law 21.719. The two laws share the same structural DNA: multiple lawful bases, mandatory data minimization, a supervisory authority (Brazil's ANPD vs Chile's APDP), and data subject rights including portability. The key differences are in enforcement scale — Brazil's fines can reach 2% of revenue capped at R$50 million per infraction (~USD $10 million), while Chile's penalties are currently lower at 5,000 UTM (~$350,000 USD).

For employers operating in both countries, the good news is that a LGPD-compliant monitoring policy provides a strong foundation for Law 21.719 compliance. The frameworks are compatible, and a single overarching Latin American privacy framework can address both jurisdictions.

Colombia: A Comparable Model

Colombia enacted its data protection law (Law 1581 of 2012) earlier than most of the region and has developed mature regulatory guidance on employee monitoring. Chile's APDP is expected to look to Colombia's Superintendencia de Industria y Comercio for precedents as it develops its own enforcement approach. Employers with Colombian operations can draw on those compliance programs as a model for Chile.

The Regional Trend: Stronger Privacy Standards Are Here to Stay

Latin America's regulatory direction is unambiguous. As of 2026, 12 Latin American countries have enacted comprehensive data protection laws (ECLAC, 2025 Regional Privacy Survey). The region is converging on GDPR-equivalent standards, which means that employers who invest in building a principled, documented monitoring compliance program will benefit from transferable compliance infrastructure across jurisdictions — rather than managing a patchwork of country-specific exceptions.

For the broader picture of how monitoring law is evolving globally, see our guide to new employee monitoring laws taking effect in 2026 and our GDPR employee monitoring compliance guide.

Practical Compliance Checklist: 8 Steps Before December 1, 2026

With less than eight months remaining before Law 21.719 takes effect, the following checklist provides a practical roadmap. These steps are structured in order of priority, with the most urgent actions first.

  1. Audit Your Current Monitoring Practices

    Create a complete inventory of every monitoring tool in use: what data it collects, how it is stored, who has access, and how long it is retained. Include screenshot tools, productivity tracking software, attendance systems, GPS tools, DLP software, and any call or audio recording systems. This audit is the foundation for all subsequent compliance steps and will be required documentation if the APDP ever requests it.

  2. Document a Lawful Basis for Each Monitoring Activity

    For each monitoring tool and data type identified in the audit, document the lawful basis under Law 21.719. Complete a Legitimate Interest Assessment (LIA) for each activity where legitimate interest is the chosen basis. The LIA should identify the purpose, demonstrate necessity, and record the balancing test conclusion. Retain LIAs indefinitely — they are your primary defense against APDP enforcement.

  3. Update Employment Contracts and Internal Workplace Regulations

    Chilean employment law requires that monitoring policies be incorporated into the company's internal workplace regulations (reglamento interno) and communicated to employees. Review and update these documents to: name specific monitoring tools, describe what data is collected, state the lawful basis, identify the data retention period, and explain how employees can exercise their rights under Law 21.719. Consider a dedicated, standalone monitoring policy as a supplement. Download eMonitor's employee monitoring policy template as a drafting starting point.

  4. Assess Whether a Data Protection Officer Is Required

    Apply the DPO threshold assessment described earlier in this guide. If your monitoring activities meet the threshold, begin the DPO appointment process immediately. DPO recruitment or engagement of an external specialist takes time, and having a DPO in place before December 2026 is strongly advisable rather than scrambling at the deadline.

  5. Conduct DPIAs for High-Risk Monitoring Activities

    Identify any monitoring activities that fall into the high-risk category (continuous screen recording, biometric processing, AI behavioral profiling, communications monitoring). Complete a DPIA for each. Where the DPIA reveals unacceptable risks, either modify the monitoring approach to reduce risk to acceptable levels or consult the APDP before the law takes effect.

  6. Establish a Data Subject Rights Request Process

    Build and test an internal process for receiving and responding to employees' Law 21.719 rights requests: access, rectification, deletion, portability, and objection. The process should include: a dedicated intake channel (email address or form), a response workflow with timeframe tracking, a technical capability to extract individual employee data from your monitoring systems in a readable format, and a logging system for all requests and responses.

  7. Set and Enforce Data Retention Schedules

    Establish documented retention schedules for each category of monitoring data. Configure your monitoring tools to auto-delete data at the scheduled retention deadline, or establish a manual review and deletion process with an accountable owner. Delete any data currently retained without a documented justification — this is a specific legal obligation under Law 21.719 and should not wait until December 2026.

  8. Train HR and IT Teams

    Law 21.719 compliance is not a one-time project — it requires ongoing operational awareness across HR, IT, legal, and management teams. Conduct training covering: what monitoring is authorized and on what legal basis, how to handle employee rights requests, when to escalate unusual monitoring requests or potential violations, and how to manage new monitoring tool procurement within the legal framework. Training records should be maintained as evidence of compliance efforts.

For a detailed, downloadable version of this checklist with status tracking fields and implementation guidance, visit our compliance resource library.

How eMonitor Supports Law 21.719 Compliance

eMonitor is designed with privacy-first principles that align directly with Law 21.719's requirements. Over 1,000 companies worldwide rely on eMonitor for monitoring that respects employee privacy while delivering genuine productivity insights. Here is how the platform addresses Chile's specific compliance requirements.

Work-Hours-Only Monitoring

eMonitor activates tracking only during employees' scheduled work hours and automatically stops when they clock out. This directly addresses Law 21.719's proportionality requirements and ensures that monitoring data never captures employees' personal time — a critical protection when remote workers are involved. Managers cannot override this setting to extend monitoring outside scheduled hours, providing a technical safeguard that reinforces the legal obligation.

Employee-Facing Dashboards That Fulfill Access Rights

Law 21.719's right of access requires employers to provide employees with a copy of their monitoring data on request. eMonitor's employee dashboard gives each employee direct visibility into their own time data, productivity scores, activity logs, and attendance records — fulfilling much of the practical access obligation automatically and reducing the administrative burden of formal data subject rights requests.

Configurable Data Retention

eMonitor allows administrators to configure data retention windows for different data types — productivity logs, screenshots, activity records, and attendance data — with automated deletion at the configured retention boundary. This directly supports Law 21.719's purpose limitation and retention minimization requirements and provides a documented retention architecture that can be presented to the APDP as evidence of compliance.

Transparent Policy Management

eMonitor's monitoring policy framework generates clear, specific disclosure language describing exactly what data the platform collects, how it is processed, who has access, and for how long. This output can be incorporated directly into your internal workplace regulations to satisfy Law 21.719's transparency requirements.

Role-Based Access Controls

Law 21.719's security requirements demand that monitoring data access be restricted to those who need it for the stated purpose. eMonitor's granular role-based access controls ensure that HR administrators see different data sets than line managers, and that no employee can access monitoring data about colleagues. Every access event is logged with a timestamp and user identity — the audit trail the APDP expects employers to maintain.

For teams managing Chilean nearshore delivery centers or offshore service operations, see how eMonitor handles nearshore and offshore team monitoring across jurisdictions.

Build Your Chile Compliance Program Before December 2026

eMonitor's privacy-first platform helps you monitor productively and compliantly. Start your free trial or speak with our team about Law 21.719 readiness.

Start Free Trial — $3.50/user/month Book a Compliance Demo

This guide is provided for general informational purposes only and does not constitute legal advice. The information in this guide reflects our understanding of Chilean law as of April 2026. Law 21.719 and its implementing regulations continue to be refined ahead of the December 1, 2026 effective date, and the Agencia de Protección de Datos Personales may issue additional guidance that affects the analysis in this guide.

Employers with specific compliance questions should consult qualified Chilean employment law and data protection counsel. The application of Law 21.719 to specific monitoring practices will depend on facts and circumstances particular to each employer. eMonitor does not represent that use of its software alone constitutes compliance with Chilean law.

Frequently Asked Questions: Employee Monitoring Laws in Chile

Is employee monitoring legal in Chile?

Yes. Employee monitoring is legal in Chile when employers comply with Labor Code Article 154 bis, which requires proportionality, prior written notice to employees, and a prohibition on monitoring in private spaces such as bathrooms and break rooms. From December 1, 2026, Law 21.719 adds stronger requirements including a documented lawful basis, data minimization, and new employee rights to access, rectification, and deletion of monitoring data.

What is Chile's Law 21.719 and when does it take effect?

Law 21.719 is Chile's comprehensive data protection law — the most significant overhaul of Chilean privacy law since Law 19.628 was enacted in 1999. It takes full effect on December 1, 2026 and creates a new autonomous Data Protection Agency (Agencia de Protección de Datos Personales), introduces fines of up to 5,000 UTM (approximately $350,000 USD) for serious violations, establishes criminal liability for intentional breaches, and grants employees new rights including data portability.

What does Labor Code Article 154 bis require for employee monitoring?

Article 154 bis of Chile's Labor Code requires employers to: (1) respect employee privacy and dignity at all times; (2) provide prior written notice before implementing any monitoring system; (3) ensure monitoring is proportional to the legitimate business objective pursued; and (4) strictly prohibit any monitoring in private spaces such as bathrooms, changing rooms, and break areas. Violations may be reported to the Labor Directorate (Dirección del Trabajo).

Does Law 21.719 require employee consent for workplace monitoring?

Law 21.719 provides multiple lawful bases for processing personal data, including legitimate interest and contractual necessity — meaning consent is not always required. Chilean legal experts recommend using legitimate interest as the primary lawful basis for most monitoring because consent in an employment relationship is considered legally fragile. The power imbalance between employer and employee means consent may not be freely given. Employers should document their legitimate interest through a Legitimate Interest Assessment and provide clear written notice to employees.

When is a Data Protection Officer (DPO) required in Chile?

Under Law 21.719, a Data Protection Officer is required when an organization engages in large-scale or high-risk processing of personal data as a core activity. For employers, this typically applies to companies conducting systematic large-scale monitoring, those processing biometric data, and organizations using AI-driven behavioral analytics. Companies that are unsure whether their monitoring practices trigger DPO obligations should complete a DPIA before December 2026.

What fines can Chilean employers face for monitoring violations after December 2026?

Law 21.719 introduces a graduated penalty system. Minor violations carry fines up to 100 UTM (approximately $7,000 USD). Serious violations — including unauthorized monitoring, failure to notify employees, or excessive data collection — can reach 1,000 UTM (approximately $70,000 USD). The most grave violations, including willful breaches or mass-scale unauthorized processing, carry fines up to 5,000 UTM (approximately $350,000 USD). Criminal liability attaches to intentional violations.

What employee rights does Law 21.719 create regarding monitoring data?

Law 21.719 grants Chilean employees five data subject rights: (1) the right to access all monitoring data held about them; (2) the right to rectification of inaccurate records; (3) the right to deletion of data collected without a valid lawful basis; (4) the right to data portability in a structured, machine-readable format; and (5) the right to object to processing where the basis is legitimate interest. Employers must establish a documented process for receiving and responding to these requests before December 2026.

Can Chilean employers monitor remote employees working from home?

Yes, with limitations. Labor Code Article 154 bis and Law 21.719 apply equally to remote workers. Employers may monitor work activity during agreed working hours on company-owned or company-managed equipment. However, the proportionality principle means home-based monitoring must be limited to work-related activities and cannot capture the domestic environment. Mandatory continuous video surveillance of employees in their homes is generally considered disproportionate under Chilean law. A written remote work monitoring policy reviewed by legal counsel is strongly recommended before December 2026.

How does Chile's Law 21.719 compare to Brazil's LGPD?

Law 21.719 is explicitly modeled on the EU GDPR framework and draws substantially from Brazil's LGPD structure. Core parallels include multiple lawful bases, mandatory data minimization and purpose limitation, a supervisory authority with sanctioning powers, and data subject rights including portability. Brazil's fines are proportionally larger (2% of revenue, capped at R$50 million per infraction), while Chile's current maximum is 5,000 UTM (~$350,000 USD). For employers operating in both countries, an LGPD-compliant monitoring policy provides a strong foundation for Law 21.719 compliance. See our Brazil LGPD employee monitoring guide for a parallel analysis.

Does a DPIA apply to employee monitoring under Chilean law?

Yes. Law 21.719 requires a Data Protection Impact Assessment for high-risk processing activities. Employee monitoring involving biometric data, AI-based behavioral scoring, systematic analysis of communications, or continuous screen recording is likely to qualify as high-risk. Employers should complete DPIAs before implementing any new monitoring system post-December 2026, and should review existing systems against DPIA requirements before the effective date. Where a DPIA reveals unacceptable risks, the APDP must be consulted before processing begins.

What is the Agencia de Protección de Datos Personales and what powers does it have?

The Agencia de Protección de Datos Personales (APDP) is Chile's new autonomous data protection authority created by Law 21.719, beginning formal operations on December 1, 2026. The APDP has powers to receive complaints, conduct investigations and audits, issue binding guidance, impose fines up to 5,000 UTM, order data deletion, and publish enforcement decisions. It replaces the fragmented enforcement that characterized the Law 19.628 era and gives Chilean data protection genuine regulatory authority for the first time.

Sources and Further Reading

  • Law 21.719 — Ley sobre Protección de Datos Personales, Chile (published Diario Oficial, 2024; effective December 1, 2026)
  • Ley 19.628 sobre Protección de la Vida Privada, Chile (1999)
  • Código del Trabajo de Chile — Artículo 154 bis (Libro II, Título IV)
  • Ley 21.220 sobre Trabajo a Distancia y Teletrabajo, Chile (2020)
  • Dirección del Trabajo, Dictamen No. 3406/054 (guidance on electronic monitoring in the workplace)
  • ECLAC (Economic Commission for Latin America and the Caribbean) — Regional Survey on Data Protection Legislation, 2025
  • ANPD (Brazil) — Annual Enforcement Report, 2025
  • International Labour Organization — Telework: A Comparative Overview of Legislation in Latin America, 2024
  • Baker McKenzie — Latin America Data Protection Guide, 2025 Edition
  • Carey y Cía. — Analysis of Law 21.719: Key Changes for Employers (2025)

Related Compliance Guides

Employee Monitoring & Brazil's LGPD

Full compliance guide for monitoring employees under Brazil's LGPD — lawful bases, ANPD enforcement, and practical steps.

Read guide →

GDPR Employee Monitoring Compliance

The EU framework that inspired Law 21.719 — understand the GDPR rules that set the global standard for workplace monitoring.

Read guide →

New Employee Monitoring Laws in 2026

Every significant monitoring law taking effect in 2026 — Chile's Law 21.719, EU AI Act implications, and more.

Read guide →

Start Your Law 21.719 Compliance Journey Today

eMonitor gives you privacy-first monitoring built for the new era of Latin American data protection. Work-hours-only tracking, employee-visible dashboards, configurable retention, and audit-ready reporting. 1,000+ companies trust eMonitor worldwide.

Start Free Trial Download Policy Template

7-day free trial • No credit card required • From $3.50/user/month