The Data Protection Bill of Law submitted to Congress proposes significant amendments to the current regime and introduces mandatory provisions that are novel to Argentine legislation. For example, it includes express references to the extraterritorial scope of application and changes the traditional approach to the legal basis for the processing of personal data. In this alert, we address some of these changes and novelties.
By means of Resolution Nos. 93 and 94, the Agency for Access to Public Information (AAIP for its acronym in Spanish) approved: (i) the Program on Transparency, Document Management and Archives; and (ii) the Strategic Plan for the period 2022-2026, respectively.
The National Executive Branch submitted Message 87/2023 to the Honorable Chamber of Deputies of the Nation with the Personal Data Protection Bill of Law (“Bill”).
The Bill is the outcome of a participatory, open and transparent process led by the Agency for Access to Public Information, which included the publication of the Personal Data Protection Draft Bill and its subsequent opening for public consultation. After receiving a total of 173 opinions, contributions and comments, the AAIP presented the Bill to the NEB and now the latter has submitted the Bill to Congress.
On 2 June 2023, Disposition 2/2023 of the Undersecretariat of Information Technologies of the Cabinet Chief was published in the official gazette, approving the “Recommendations for a Reliable Artificial Intelligence”.
On 17 April 2023, Argentina became the 23rd country to ratify Convention 108+, which aims to protect the privacy of individuals against possible abuses in the processing of their personal data. Argentina ratified Convention 108+ during the Privacy 2023 Symposium held in Venice between 17 and 21 April.
In line with the process intended to update Data Protection Law 25,326, the Agency for Access to Public Information announced on its official website the presentation of the Bill of Law on Personal Data Protection in the National Congress.
With Resolution No. 263/2023, published on 17 March in the Official Gazette, the National Communications Entity (Ente Nacional de Comunicaciones (ENACOM)) approved a new Regulation for the Collection of Personal Data and Identity Validation of Users of Mobile Services that Hold a Mobile Number.
The Argentine Central Bank issued Communication ‘A’ 7724, which updated the technology and information security risk standards to strengthen the cyber resilience of financial institutions. The Communication will become effective on 6 September 2023.
On 16 February 2023, Argentina signed the Second Additional Protocol to the Convention on Cybercrime, known as the Budapest Convention, becoming its 35th signatory state. The Second Protocol responds to the challenge of obtaining electronic evidence that may be stored in foreign jurisdictions when carrying out criminal investigations. It also aims to provide tools to enhance cooperation and disclosure of electronic evidence.
Every 28 January, Data Protection Day is celebrated to remember the date on which Convention 108 for the Protection of Individuals with Regard to the Automatic Processing of Personal Data was opened for signature. As technology continues to develop and influence the manner in which we make decisions, data protection is confronted with new and dynamic challenges. Data protection is not something companies can easily tick from a to-do list. Instead, the latest tech developments and modern-day regulations require daily and ongoing efforts to proactively demonstrate compliance.