Search for:

Argentina: Main amendments proposed by the Data Protection Bill of Law

By , and 4 Mins Read

In brief

The Data Protection Bill of Law submitted to Congress proposes significant amendments to the current regime and introduces mandatory provisions that are novel to Argentine legislation. For example, it includes express references to the extraterritorial scope of application and changes the traditional approach to the legal basis for the processing of personal data. In this alert, we address some of these changes and novelties. Note that the bill is still subject to amendments by both chambers of Congress.

Key takeaways

The bill proposes, among others, the following significant amendments to the current regime and introduces mandatory provisions that are novel to Argentine legislation: 

1. General provisions

The bill redefines the scope of the law, limiting it exclusively to the protection of personal data of individuals. This implies that legal entities, who are also considered data subjects in the current regime, are excluded from its scope.

The bill expands the territorial scope of the law by incorporating the principle of extraterritoriality and providing that the law may apply even when those responsible for the database are located outside the national territory.

2. Processing of personal data

The bill abandons the current logic based on the prohibition of processing personal data without securing consent of data subjects (limited exceptions apply), introducing assumptions that legitimize and justify the processing (including the legitimate interest of those responsible for the database).

The bill provides that the minimum age for granting consent is 16 years. In the current regime, a minimum age is not established and the sufficient capacity of the minor must be considered in accordance with the principle of progressive autonomy of the National Civil and Commercial Code (Resolution AAIP 4/2019).

The bill also includes the duty to notify security incidents both to the enforcement authority and data subjects.

3. Cross-border transfers

Instead of a system based on the prohibition of transferring personal data to countries that do not offer adequate levels of protection (with limited exceptions), mechanisms are foreseen to carry out the cross-border flow of personal data in a secure manner.

4. Rights of data subjects

The bill incorporates new rights, such as the right to limitation, portability and opposition, as well as rights related to automated decisions and profiling.

5. Duties of those responsible for the database

The bill introduces the figure of the Data Protection Delegate, the impact assessment related to data protection, and binding regulatory mechanisms. In addition, the bill incorporates the figure of the “representative” of those responsible for databases and data processors who are not established in Argentina but are subject to the application of the law.

Likewise, the bill creates the National Registry for the Protection of Personal Data, where those responsible for the database and processors must register.

6. Data protection of credit information

The bill provides that this personal data may only be processed in accordance with the legal basis set forth therein. In addition, among other novelties, the bill introduces the duty to notify any change to the data subject’s credit situation.

7. Procedures and sanctions

The bill introduces a mobile unit for the application of fines, which is subject to the variation of the Consumer Price Index, thus substantially increasing the amounts of the penalties. It establishes a maximum of 1 million mobile units, which at the initial value of such unit represents ARS 10 billion. In addition, the bill contemplates an alternative option for applying a fine of up to 4% of the offender’s total annual global turnover in the financial year prior to that of the application of the sanction.

8. Habeas Data Action

The bill expands the standing to sue for collective actions in the Habeas Data Action.

The bill may be subject to amendments by both chambers of Congress.

We want to thank Agustin Gastaldi, who is a Paralegal at BakerMcKenzie, for his contribution to this article.

Click here to read the Spanish version.

Categories:
Author

Guillermo Cervio is a partner in Baker McKenzie’s Buenos Aires office. With more than 30 years of experience, he is recognized as a foremost practitioner in his field. He founded the IT/C team in Argentina and was the coordinator of the LatAm IT/C team from 2008 to 2017. He is currently a member of the Steering Committee of Baker McKenzie LatAm’s IPTC team.
Guillermo has authored books and articles on legal matters. He has won awards for his book “Derecho de las Telecomunicaciones” (National Academy of Law - Mención de honor, 1998, and Austral University - premio tesina,1997) as well as for the paper he filed in the IX National Congress on Corporate Law (Tucumán, 2004). He has been a professor at the University of Buenos Aires, Austral University, Palermo University, Catholic University and CEMA. In 2003, he was awarded the Folsom fellowship grant by the Center for American and International Law in Dallas.

Author

Martín Roth is a partner in the M&A, Real Estate and TMT practice groups in Baker McKenzie's Buenos Aires office. Martín has more than 13 years of extensive transactional domestic and international experience, focusing on the real estate and TMT industries. Prior to joining Baker McKenzie, he worked as a trainee lawyer on the Corporate, Banking/Finance and Litigation areas with a local law firm in Argentina. From 2007 to 2012, he worked in Baker McKenzie's Buenos Aires office. From 2013 to 2016, he worked as an independent attorney at another law firm. Martín rejoined the Buenos Aires office in 2016 and was named partner in July 2019.

Author

Valentina Biondi Grane is an Associate in Baker McKenzie, Buenos Aires office.

Related Posts

Write A Comment