New Argentine Data Protection Bill - deadline to file comments with the DPA Feb 28, 2017
On February 2017, the Argentina Data Protection Agency (Dirección Nacional de Protección de Datos Personales or “DNPDP” or “DPA”) posted online in its website a draft bill for a new data protection act.
The bill was prepared taking into consideration several changes proposed by the public during 2016 and is heavily based on the EU GDPR. The DNPDP shall be accepting comments on the draft bill from February 1 to 24, 2017 using the Justicia 2020 at https://www.justicia2020.gob.ar/, the digital platform of the Government or by paper.
Among the changes introduced by the draft bill is the elimination of the duty to register databases. Also, the draft bill only recognizes individuals as data subject; the current data protection act covers both individuals and legal entities (e.g. companies). Moreover, the proposed bill adds several new definitions like biometric data and genetic data, among others.
The draft bill introduces new ways to determine whether an entity or certain data processing is subject to Argentine law, quite similar to the criteria found in the European General Data Processing Regulation. Also, and in connection with the European regulation, the proposed bill introduces new legal basis, besides consent, to allow data processing, like the legitimate interests of the data controller.
Among other changes, the draft bill makes an overhaul of the current section dealing with international transfers (including BCRs), introduces sections on child consent, cloud computing, data breaches, accountability, privacy by design, the duty to have a data protection officer and mandatory impact studies.
Credit reports, one of the main issues of the current data protection act, has receive certain amendments, like the manner that terms are counted regarding the duties over debtors personal data as well as the introduction of a duty to inform an individual in the event that certain agreement or equivalent was not entered into due to negative information contained in a credit report. It should be noted that, considering the elimination of protection for legal entities, the data protection act will not apply to financial information of corporations.
Finally, one of last amendments proposed by the DNPDP in its draft bill is the independence of the DPA from any other governmental entity; currently, the DNPDP depends from the National Ministry of Justice and Human Rights. The bill seeks to remedy one of the observations made by the European Union when Argentina was deemed a jurisdiction with an adequate level of data protection.
We expect the DPA to send the Bill to the President later this year. The Bill will be discussed during 2018 in Congress.
For more information on the proposed bill or to file comments on it, please contact us at firstname.lastname@example.org.
For further information on this topic please contact Pablo A. Palazzi