New version of the Personal Data Protection Bill

New version of the Personal Data Protection Bill

By Mariano Peruzzotti y Andrea Sanchez Vicentini

In February of this year, the Argentine Agency for Access to Public Information (“AAIP”) published a new version of Argentina’s Personal Data Protection Bill (“Bill”). As we commented in a previous edition of the BeNews (see here), the AAIP announced last year that it began the process of reforming the Personal Data Protection Law No. 25,326, which was enacted in 2000. The first version of the Bill was published in November last year.

The changes introduced in this new version are listed below:

  • In the definition of “Processing of personal data”, the “publication” of data is added as an operation considered processing.
  • It is added that specific limitations to the exercise of the rights of data subjects may be established if there is a well-founded order issued by a competent judicial or administrative authority in cases where actions related to investigations within the framework of their powers could be hindered.
  • The definition of “Credit institutions” is added and, consequently, a new article is incorporated which establishes that the Central Bank of the Argentine Republic will publish, within the framework of its competence, the information provided by credit institutions regarding the compliance or non-compliance with obligations of patrimonial content. Likewise, the term for the storage of credit information in those cases in which the debtor cancels or extinguishes its obligation was increased from one year to two years.
  • The notion of “Memory, Truth and Justice” is included in relation to crimes against humanity. This notion must be considered as a value to be taken into account in order to reconcile the right to the protection of personal data, as well as a limit to the prohibition of the processing of sensitive data and to the right to the erasure of data.
  • With respect to the one-year term to adapt to the obligations contained in the Law (grace period), it is added that upon request and in exceptional cases with duly grounded reasons, the enforcement authority may grant data controllers and processors an extension.

The Bill is currently at the Legal and Technical Secretariat of the Chief of Cabinet (National Executive Branch). It has not yet been submitted to Congress.

The text of the Bill is available in Spanish at the following link.

For further information please contact: y/o

Share post: