On 1 August, Argentina’s Access to the Public Information Agency (AAIP) launched a consultation process to modify the country’s personal data protection law from 2000. The process is set to take place in September 2022, bringing together the government, private sector, civil society, and academia members, among others.
Towards a New Data Protection Legislation
The announcement does not come as a surprise. In February 2022, AAIP Director Beatriz Anchorena promised to update the personal data protection regulation by activating multistakeholder channels and studying international best practices. By May, Anchorena was meeting with the Head of Data Flows and Protection from the European Commission, Bruno Gencarelli. One month later, the data protection watchdog issued a statement confirming the appointment of Dr. Natalia Debandi as the Agency’s new Director of Privacy Protection.
Before this, the most recent effort to update Argentina’s personal data protection legislation occurred in 2020 when Congresswoman Karina Banfi (Unión Cívica Radical) submitted a bill proposing a new legal framework for personal data protection. Although discarded, the project required companies to adopt revamped privacy policies and, in certain situations, perform assessments on the impact of data usage on people’s privacy.
Riding the Data Privacy Wave
Anchorena’s move underscores Argentina’s need to keep up with the rising wave of privacy challenges posed by digital and emerging technologies, international data flows, and social media platforms, especially amid the Covid-19 pandemic.
Moreover, it demonstrates the country’s willingness to continue working towards aligning with global and regional standards. In 2019, Argentina became the third country in Latin America to ratify Convention 108+, an updated version of the legally-binding data protection treaty that obliges signatories to subscribe to European data regulation standards to encourage the safe transfer of personal information between countries.
Impact on Tech Companies
Updating the country’s data protection legislation could significantly impact tech companies, particularly if it considers enhanced regulations (e.g., compliance requirements and sanctions). Taken from previous interventions, it is likely for Anchorena to draw from international standards, namely the EU and Brazil.
Against this backdrop, businesses should keep a close eye on proposals related to the definition of data processing, data transfers and portability, consent, breach notification, and penalties for non-compliance, among others.
It remains critical for stakeholders to partake in the consultation process and play the balancing act of helping create harmonized regulation that promotes data transfers without compromising privacy.
Access Partnership closely monitors all development regarding data protection regulation in the Latin America region. For more information, contact Yamel Sarquis at [email protected] or Rodrigo Serrallonga at [email protected].
