Data Sovereignty Bill

Author:Mr Gustavo Giay and Diego Fernandez
Profession:Marval O'Farrell & Mairal

A bill to establish and regulate Argentina's data sovereignty was filed with Congress.

On March 9, 2017, a draft bill to regulate data sovereignty in Argentina reached the House of Representatives ("Bill"). The Bill was filed by representatives Sandra Mendoza, Adrián Grana, Carlos Castagneto, Eduardo Seminara, Juan Manuel Huss and Rodrigo Martín Rodríguez.

The Bill emphasizes the need for new regulation, in response to the growing amount of data generated by the Argentine public sector and its increasing importance. It further refers to the growing number of data centers located abroad, outside Argentina's jurisdiction.

In this context, the Bill stresses the need for certain data to be stored exclusively within the Argentine territory, in order to maintain sovereignty over the data and to ensure its security and accessibility, as well as compliance with Argentine regulations. To this effect, the Bill refers as an example to data centers located in the United States of America which are held to the USA Patriot Act, further stating that such access would not be in compliance with the rights guaranteed by the Argentine Data Protection Law No. 25,326.

Furthermore, the document clarifies that establishing data sovereignty is necessary to protect certain data from being accessed not only by foreign countries, but also by companies seeking to exploit them commercially.

The Bill employs certain terms used by the Budapest Convention on Cybercrime ("Budapest Convention"). It establishes the same definition of "computer data", which is understood as any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function. The Bill further builds on this concept to define "state-owned computer data" ("SCD") as any computer data belonging to, generated by or kept by any entity belonging to the national public sector, insofar as ownership of said data has not been transferred, or the data not been made public.

In addition, the Bill adopts a partial version of the definition of "service provider" contained in the Budapest Convention, stating that a service provider is any public or private entity that provides to users of its service the ability to communicate by means of a computer system.

The main purpose of the Bill is to protect digital information produced, generated or kept by the Federal State, to defend Argentina's data sovereignty...

To continue reading