Argentina – News on cross border data transfer.
By Candela Basilotta and Mariano Peruzzotti
On October 13th Resolution 198/2023 of the Argentine Agency for Access to Public Information, controlling authority of the Personal Data Protection Law (“Agency”) was published in the Official Gazette. This Resolution recognizes the Standard Contractual Clauses (“SCC”) drafted by the Ibero-American Data Protection Network (“Network”) as a valid mechanism to transfer personal data to non-adequate jurisdictions.
The Network constitutes an association of Spanish speaking countries in North, Central and South America, Brazil, Spain and Portugal. It is represented by relevant authorities and experts in the field and one of its goals is to develop initiatives and projects related to the protection of personal data in Ibero-American countries. The Agency is an active member of the Network together with other regional enforcement authorities.
In 2016 the Agency approved two set of SCCs that can be used in cases of international data transfers (controller to controller and controller to processor transfers) by means of Rule 60-E/2016. That rule also listed the jurisdictions that were deemed adequate by the Agency, namely member states of the European Union and the European Economic Area, Switzerland, Guernsey and Jersey, the Isle of Man, the Faeroe Islands, Canada (only the private sector), New Zealand, Andorra, Israel and Uruguay. Pursuant to Rule No. 34/2019, the U.K. and Northern Ireland were also included in such list.
By means of Resolution 198/2023 the Agency endorses the use of the SCCs created by the Network. Thus, any Argentine controller will be now allowed to use either the SCCs drafted by the Agency in 2016 or the clauses developed by the Network to validate the cross-border data transfer to non-adequate jurisdictions.
For further information please contact cbasilotta@ojambf.com or mperuzzotti@ojambf.com.
