Search for:

Argentina: Data Protection Authority publishes Draft Bill to update Personal Data Protection Law No. 25,326

By , , and 3 Mins Read

In brief

In line with the process of modernizing Personal Data Protection Law No. 25,326, the Agency for Access to Public Information (DPA) presented a Draft Bill of Personal Data Protection Law (“Draft Bill“).

In focus

On 12 September 2022, Resolution No. 119/2022, which includes the Draft Bill, was published in the Official Gazette.

The Draft Bill is structured in 11 chapters and includes the following novel articles, among others:

  • Definitions (Section 2). The definitions of biometric data, genetic data, data processor, data controller and data protection officer, among others, are added to the definitions set forth by the current Personal Data Protection Law. Legal entities are excluded from the definition of data subjects, and the category of sensitive personal data is expanded (it is clarified that the detailed list is an example only).
  • Territorial scope of application (Section 4). It contemplates the scenario in which the controller or processor is not established in Argentina but (i) processes data in Argentina, (ii) carries out processing activities related to the offer of goods or services to persons located in Argentina, or (ii) is located in a jurisdiction where Argentine laws apply.
  • Principle of proactive and demonstrated responsibility (Section 11). Also known as the ‘accountability’ principle. Basically, the controller or processor must adopt the necessary measures to ensure proper processing of personal data, which will help demonstrate the controller or processor’s effective implementation of the DPA.
  • Legal basis for data processing (Section 12). Similar to the General Data Protection Regulation of the European Union, the Draft Bill foresees six legal bases, one of which is the legitimate interest of the data controller. To determine the existence of a legitimate interest, a detailed assessment must be conducted considering the context, reasonable expectations of data subjects and other specific criteria.
  • Data processing of children and adolescents (Section 18). The consent of a minor is valid if they are at least 13 years of age. If the minor is under 13 years of age, consent will be valid only if granted by the parent or legal guardian.
  • Notification of security incidents (Section 20). As a general rule, in the event of a security incident involving personal data, the data controller must notify the DPA within 48 hours of becoming aware of it.
  • Fines (Article 60). The fines that the DPA may impose on data controllers and processors range from five to one million mobile units, or from 2% up to 4% of the total annual global turnover of the previous financial year. The mobile unit is set at ARS 10,000 (approximately USD 70 at the current official exchange rate) and will be updated on an annual basis using the variation of the consumer price index (CPI). Different fines will apply to the public sector.

A term of 15 business days is granted to provide suggestions, opinions and/or comments on the Draft Bill.

To this end, a registry for proposals and opinions on the Draft Bill is established at the DPA’s front desk (Av. Pres. Julio Argentino Roca 710, 3rd floor, City of Buenos Aires, Monday to Friday from 9:00 am to 4:00 pm), and online at https://www.argentina.gob.ar/aaip/consulta-publica-para-la-actualizacion-de-la-ley-de-proteccion-de-datos-personales.

In addition, informal comments can be sent to consultapublica@aaip.gob.ar. Comments will be published on the DPA website. Such comments will not be incorporated into the Draft Bill’s file.

Spanish version

Categories:
Author

Guillermo Cervio is a partner in Baker McKenzie’s Buenos Aires office. With more than 30 years of experience, he is recognized as a foremost practitioner in his field. He founded the IT/C team in Argentina and was the coordinator of the LatAm IT/C team from 2008 to 2017. He is currently a member of the Steering Committee of Baker McKenzie LatAm’s IPTC team.
Guillermo has authored books and articles on legal matters. He has won awards for his book “Derecho de las Telecomunicaciones” (National Academy of Law - Mención de honor, 1998, and Austral University - premio tesina,1997) as well as for the paper he filed in the IX National Congress on Corporate Law (Tucumán, 2004). He has been a professor at the University of Buenos Aires, Austral University, Palermo University, Catholic University and CEMA. In 2003, he was awarded the Folsom fellowship grant by the Center for American and International Law in Dallas.

Author

Martín Roth is a partner in the M&A, Real Estate and TMT practice groups in Baker McKenzie's Buenos Aires office. Martín has more than 13 years of extensive transactional domestic and international experience, focusing on the real estate and TMT industries. Prior to joining Baker McKenzie, he worked as a trainee lawyer on the Corporate, Banking/Finance and Litigation areas with a local law firm in Argentina. From 2007 to 2012, he worked in Baker McKenzie's Buenos Aires office. From 2013 to 2016, he worked as an independent attorney at another law firm. Martín rejoined the Buenos Aires office in 2016 and was named partner in July 2019.

Author

Valentina Biondi Grane is an Associate in Baker McKenzie, Buenos Aires office.

Author

Valentina Salas is an Attorney at Law in Baker McKenzie Buenos Aires office.

Related Posts