Draft Data Protection Bill

Author:Mr Gustavo Giay and Diego Fernandez
Profession:Marval O'Farrell & Mairal

In June 2016 the Data Protection Authority ("DPA") issued a press release fostering a process of rethinking the current Data Protection Law ("DPL") (more information here).

This process was primarily grounded on (i) the technological advances that have been made since the DPL was passed in 2000, (ii) the experience which the DPA has gathered in that time, and (iii) the existence of a new international context, particularly with the approval of Regulation (EU) 2016/679 of the European Parliament and of the Council.

The debate was conducted within the different activities conducted by the DPA and was part of the Justice 2020 Program (Programa Justicia 2020), guided by the Ministry of Justice and Human Rights.

Subsequently, the DPA published the results of these activities to grant transparency and publicity to the debate.

The Spanish version of the document can be downloaded here.

Recently, the DPA issued a statement making public a Draft Bill for the Protection of Personal Data ("Draft Bill") which - if passed into law by Congress - will replace in its entirety the current DPL as well as Law No. 26,951, which created and regulates the Do Not Call Registry.

The most relevant modifications and inclusions of the Draft Bill are the following:

First, the current DPA is replaced by the Argentine Data Protection Agency, which will have functional autonomy and will be dependent of the Ministry of Justice and Human Rights. This structural change addresses an observation made by the European Community when approving Argentina as an adequate country for the international transfer of data.

On the other hand, the Draft Bill limits the concept of data subject to natural persons and excludes legal entities, which is in line with European legislation.

Moreover, it expands the scope of the protection to the integral protection of personal data, independently of whether it is stored in a database, whether the database is public or private, or if the database is aimed at providing reports.

In the light of the European legislation, it revisits general concepts included in the current DPL such as data base, personal data and sensitive data, and it incorporates new ones such as genetic data, biometric data and cloud computing.

Furthermore, and in line with the elimination of the registration requirement for databases containing personal data, the Draft Bill includes accountability obligations.

The general legal basis for the treatment of personal is still the...

To continue reading