Argentina: Privacy and Data Protection-related Laws

Argentina is passing new data protection laws to replace its current regulations, the Personal Data Protection Law (DPL, link in Spanish), which was passed in 2002. Argentina is making this move because of recent advances in technology as well as because of the European passing of the GDPR. The Argentine bill wishes to conform more closely to the regulations in the GDPR. This bill is being discussed this year (2018) in Argentine Congress. (Source)

Argentine Data Protection Act of 2000 (Argentine Law 25,326)

The current law defines personal data as “information of any kind referring to certain or ascertainable physical persons or legal entities”. The processing of personal data requires consent from the data owner unless the data arises from a contractual relationship or a scientific relationship. Sensitive personal data can only be processed: (i) where there are circumstances of general interest authorised by law; or (ii) for statistical or scientific purposes provided data owners cannot be identified from that information.

Data owners are entitled to access their personal data free of charge and the data must be provided within 10 calendar days. (Source).

New Argentine Data Protection Draft Bill (not yet in force as of June 29, 2018).

As in the GDPR, the new draft bill requires data minimization, that the data collected is limited to what is necessary in relation to the purpose of collection, and shall be maintained in a way that allows the identification of the data holders no longer than necessary for those purposes. In the event of a security breach, the data controller must inform the data holder. Also like the GDPR, the new Argentine bill contains the concepts of protection of data by design and default.

The owner of the data may oppose the processing of their data by the data controller (right of opposition), when he or she has not given consent. The owner of the data also has the right to request the deletion (right of suppression) of personal data form databases and systems when the data processing does not have a public purpose, and the data is no longer necessary in relation to the purposes for which they were collected. However, deletion will not proceed if data deletion would impede the rights or legitimate interest of third parties, or would harm the public interest, or when it is necessary for the right to freedom of expression and information.

Under the new law, public organizations, organizations handling sensitive data or organizations involved with “large-scale data processing” must appoint a representative who is responsible for supervising compliance.

Many of the debates about privacy legislation and its import for blockchains are currently ongoing in Argentina as well as the EU, where the Argentine data privacy law primarily draws from. Guidance on laws may change their interpretation quickly over the next few years.


Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus