On 5 and 6 December 2022, Resolutions 240/2022 and 244/2022 were published in the Official Gazette. By means of these resolutions, the Access to Public Information Agency (AAIP) contemplates a new classification of infringements and sanctions applicable to conduct in breach of Law 25,326 and its related regulations.
The AAIP repealed provisions that regulated sanctions, replaced annexes that provided for the “classification of infringements” and “graduation of sanctions” and repealed the maximum applicable sanction when a condemnatory administrative act includes more than one pecuniary sanction for an identical punishable action within each of the levels of the “graduation of sanctions”.
The following are some relevant changes:
- The AAIP lowered the classification of some actions previously considered serious or very serious infringements. For example: (i) processing of personal data without being registered with the National Registry of Databases (“Registry“) was previously considered a serious breach and is now a minor one; and (ii) failure to register a personal database with the Registry when required to do so by the National Directorate for the Protection of Personal Data, and declaration of false or inaccurate data when registering with the Registry, were both previously considered very serious breaches and are now serious breaches.
- The AAIP increased the fines applicable to minor, serious and very serious infringements while it maintained the maximum fine applicable to very serious infringements (ARS 100,000). For minor infringements, the applicable maximum fine was increased (from ARS 25,000 to ARS 80,000). For serious infringements, there was an increase to the applicable minimum fine (from ARS 25,001 to ARS 80,001) and the applicable maximum fine (from ARS 80,000 to ARS 90,000). For very serious infringements, the applicable minimum fine was increased (from ARS 80,001 to ARS 90,001). In any event, even if not relevant from a monetary standpoint, these fines may result in reputational damage.
- The AAIP expanded the criteria to determine the applicable sanctions, including: (i) the acknowledgment or express acceptance of the breach by the offender before the sanction is imposed; (ii) the economic circumstances of the offender; (iii) the proven adoption of corrective measures and internal mechanisms and procedures capable of mitigating the damage; and (iv) whether the personal data of children and adolescents has been affected.
- The AAIP raised the maximum limits for applicable fines when a condemnatory administrative act includes more than one pecuniary sanction for an identical punishable actions within each of the levels of the “graduation of sanctions.” It provided a maximum limit of ARS 3 million for minor infringements (previously ARS 1 million), a maximum limit of ARS 10 million for serious infringements (previously ARS 3 million), and a maximum limit of ARS 15 million for very serious infringements (previously ARS 5 million).
Click here to access the Spanish version.