In the context of the International Data Protection Day, on 26 January 2024, the Agency of Access to Public Information (AAIP, its acronym in Spanish) published their “Recommendations to protect personal data on the internet”. The AAIP provided five recommendations to users of any digital platform that entails the assignment of personal data.
The European Commission concluded that personal data transferred from the European Union (EU) to Argentina are adequately protected and, therefore, can continue to flow freely from the EU to Argentina. On 15 January 2024, the Commission published its conclusions regarding the first review of the adequacy decisions adopted — pursuant to Article 25(6) of Directive 95/46/EC — in 1995. In these decisions, the Commission had determined that 11 countries or territories, including Argentina, guaranteed an adequate level of protection of personal data. This allowed data transfers from the EU to these countries.
Following Administrative Decision No. 641/2021 on “Minimum information security requirements for the national public sector,” the AAIP approved its information security policy. The purposes of the policy are to protect the information resources of the AAIP and the technological tools used for their processing; ensure the confidentiality, integrity, availability, legality and reliability of information, and strengthen the adequate implementation of security measures, identifying available resources.
By means of Resolution No. 198/2023, published in the official gazette on 18 October 2023, the Agency of Access to Public Information (AAIP) approved the model contractual clauses included in the Implementation Guide of Model Contractual Clauses for International Personal Data Transfers of the Ibero-American Data Protection Network (MCC and IADPN, respectively).
By means of Resolution No. 44/2023, the Chief of Cabinet of Ministers: (i) approved the Second National Cybersecurity Strategy; (ii) created the Cybersecurity Management and Cooperation Unit; and (iii) established the functions of the Executive Unit of the National Cybersecurity Committee.
Through Resolution No. 161/2023, published in the official gazette on 4 September 2023, the Agency for Access to Public Information (AAIP) created the Program for Transparency and Protection of Personal Data in the Use of Artificial Intelligence and entrusted its execution, monitoring and evaluation to the National Directorates of Evaluation of Transparency Policies and Protection of Personal Data.
The Data Protection Bill of Law submitted to Congress proposes significant amendments to the current regime and introduces mandatory provisions that are novel to Argentine legislation. For example, it includes express references to the extraterritorial scope of application and changes the traditional approach to the legal basis for the processing of personal data. In this alert, we address some of these changes and novelties.
By means of Resolution Nos. 93 and 94, the Agency for Access to Public Information (AAIP for its acronym in Spanish) approved: (i) the Program on Transparency, Document Management and Archives; and (ii) the Strategic Plan for the period 2022-2026, respectively.
The National Executive Branch submitted Message 87/2023 to the Honorable Chamber of Deputies of the Nation with the Personal Data Protection Bill of Law (“Bill”).
The Bill is the outcome of a participatory, open and transparent process led by the Agency for Access to Public Information, which included the publication of the Personal Data Protection Draft Bill and its subsequent opening for public consultation. After receiving a total of 173 opinions, contributions and comments, the AAIP presented the Bill to the NEB and now the latter has submitted the Bill to Congress.
On 2 June 2023, Disposition 2/2023 of the Undersecretariat of Information Technologies of the Cabinet Chief was published in the official gazette, approving the “Recommendations for a Reliable Artificial Intelligence”.