In Argentina, the constitution recognises in its article 43 individuals’ right to the protection of their personal data. Additionally, it was the first country in the region to enact a personal data protection law. Thus, it issued the Personal Data Protection Act (DPA) No. 25,326 in 2000.
In 2022, the Agency of Access to Public Information (AAPI) promoted a new bill to amend the DPA. However, we have prepared a short guide regarding the FAQs regarding Argentina’s current system on Data Protection. Read more below.
FAQs regarding the protection of personal data in Argentina
Argentina’s constitution, its Personal Data Protection Act (DPA), Regulatory Decrete 1558/2001 and Dispositions issued by the Argentine National Data Protection Agency (NDPA) set forth the system for the protection of personal data in Argentina.
The Data Protection Act creates the NDPA as the supervisory governmental authority of the law. However, in 2017, the National Decree 899/2018 designated the Agency of Access to Public Information as the authority in charge of DPA’s enforcement.
Data subjects have the right to access the information and request for rectification, update or deletion of it.
Argentina’s Personal Data Protection system recognises the following principles:
• Purpose proportionality.
• Legality.
• Data quality and accuracy.
• Purpose.
• Confidentiality.
• Temporary limitation.
However, Convention 108+ -which has been recently approved by the congress- and the new bill adopt some additional principles (i.e. accountability).
Yes, Controllers require Data Subject’s consent in order to collect and process Personal Data. Notwithstanding, the law foresees certain exceptions to this general rule in its article 5.
Article 25 of the Data Protection Act and the Regulatory Decree establish the responsibilites and obligations of data processors. Among other obligations, they must follow the controller’s instruction, comply with the Data Protection Law, protect the confidentiality and destroy the data once the obligations have been fulfilled.
Conclusion
To sum up, Argentina has been working on Data Protection for the last 20 years and is looking now to amend the Personal Data Protection Act. In addition, the new law will be in line with the obligations and principles established in the GDPR.
If you need advise regarding data protection in Argentina, contact us.