In our recent post, we discussed how the Argentinian DPA (Agencia De Acceso A La Información Pública) announced the opening of a public consultation process on the proposal to update the countries existing data protection framework.
Through the consultation process, which has now been concluded, the agency received 173 opinions, contributions and comments from 123 participants. The participants composed members of the public, civil society organizations, universities and researchers, the private sector, as well as national and international public sector representatives.
After conclusion of the process, and analysis of all the received contributions, the institution presented the new draft Personal Data Protection Bill.
The original draft bill was already released during September (Resolution 119/2022) containing 11 Chapters and 76 articles. Numerous articles were since reviewed and amended during the process, and 4 new articles were added to the proposed framework, bringing the number of articles to 80.
A few highlights of the Argentinian Personal Data Protection bill
In general, the draft bill’s provisions appear to mirror the approach in the EU’s General Data Protection Regulation (GDPR).
The bill provides clarifications and definitions of concepts such as “data subjects” (limited to natural persons), “sensitive data”, “anonymization”, “informative self-determination”, “profiling”, “biometric data” and “genetic data”.
Other highlights of the new bill include:
- Introduction of data minimization, accountability and tech-neutrality principles;
- Special protection status for children;
- New rights for the holders of personal data (e.g. right to portability, right to oppose automated processing’);
- The introduction of the “Data Protection Officer” – DPO (mandatory in certain cases);
- The duty to notify the authority of security incidents (within 72 hours of becoming aware of incident);
- The use of Data Impact Assessments (mandatory in certain cases);
- New provisions on the extraterritorial application of the new Law (the new Law will apply to organizations outside Argentina, if they offer goods or services to, or monitor the behaviour, of persons in the country);
- Clarification on cross border data transfers, and situations when these will be permissible;
- New legal bases for the processing of personal data, not confined to consent ( and including “legitimate interest”);
- The bill creates a National Registry for Data Protection for the registration of data protection representatives or delegates in the country;
- It also provides for substantial fines (these can reach up to 4% of entities global annual turnover). The fine thresholds are adjustable annually.
Companies will have one year to adjust to the requirements of the new law, once enacted. The bill will now progress for further discussion in the Argentinian national congress.
Get in touch with us!
Was this information useful? Do you have any doubts on IP and Tech issues in Brazil and Latam? Just let us know. We will be glad to answer your questions.