Argentina’s data protection authority, the Agency of Access to Public Information, published its Annual Report 2022, which highlights the most relevant aspects of its management regarding the protection of personal data.
The AAPI was created by Law No. 27,275 on the Right of Access to Public Information as an autonomous entity with functional autonomy within the scope of the President’s Chief of Staff Office. It is the authority of application of Law No. 27,275 on the Right of Access to Public Information, Law No. 25,326 on the Protection of Personal Data, Law No. 26,951 on the National Do Not Call Registry. One of its objectives is to strengthen public policies for the protection of personal data. In March 2022, Director of the AAPI Beatriz de Anchorena was appointed through a public hearing process.
The report highlights one of the AAPI's main actions in 2022 was to promote the updating of Law No. 25,326 on the Protection of Personal Data. To this end, it indicates the AAPI initiated a public consultation process during September and October 2022, in conjunction with 11 dialogue tables with participants from the national, regional and international fields, where civil society organizations, business chambers, authorities and officials from the public sector, academic and professional references, and various specialists in the field of personal data protection were represented, throughout which 173 opinions, contributions, and comments were received. This process resulted in the presentation of the New Personal Data Protection Bill, published in November 2022 and updated in February.
Moreover, in 2022 the AAPI promoted Argentina's accession to the Amending Protocol to the Convention for the Protection of Individuals regarding Automatic Processing of Personal Data, also known as Convention 108+, the only international instrument on the protection of personal data. On 30 Nov. 2022, Convention 108+ was enacted through Law No. 27,699. Argentina is the second Latin American country to be part of Convention 108+, after Uruguay.
In addition, the report indicates the AAPI modified the classification of infringements and sanction graduation of the data protection law through Resolutions No. 240/2022 and 244/2022, emphasizing the repetition of infringements will be considered when evaluating the sanction to be applied. In turn, Resolution No. 244/2022 updates the maximum fines applicable to several infringements included in the same administrative procedure. The AAPI also published Resolution No. 255/2022 on guiding criteria and indicators of best practices in the application of the DPL regarding genetic data.
Likewise, the report lists the administrative proceedings processed by the AAPI during 2022 and highlighted:
- At 27% more than in 2021, 491 proceedings were initiated due to complaints filed under the DPL.
- The AAPI issued 63 resolutions, of which 52 were sanctioning resolutions for DPL infringements. These resolutions established fines totaling ARS7,383,061.
- The National Directorate of Personal Data Protection processed 452 judicial requests.
- 1,349 database controllers and 2,035 databases were registered, of which 1,947 correspond to private databases and 88 to public databases.
- Seven public investigations were conducted, including a health insurance company, the National Ministry of Health, infringements in the 2022 census and a fintech company.
- The Do Not Call Registry saw 24,045 complaints filed. Additionally, 219,320 lines were registered, accumulating a total of 1,884,505 registered lines.
- In addition, the AAPI issued 42 resolutions, of which 24 are sanctioning resolutions for infringements to Law No. 26.951 creating the National Do Not Call Registry. Complaints increased by 90% compared to the previous year. These resolutions established fines totaling ARS66,000,000. The most reported companies were telephone companies and cable operators.
- Finally, 11,171 identity documents were added to the list of questioned documents.
Additionally, the report indicates the AAPI participated in various international forums and organizations representing Argentina, including:
- The 44th Global Privacy Assembly, which brings together 130 authorities and experts in the field globally. Argentina assumed the presidency of the GPA Strategic Direction Subcommittee and cosponsored a resolution on principles and expectations for the appropriate use of personal information in facial recognition technology.
- The Ibero-American Data Protection Network, as members of the Executive Committee.
- The Council of Europe with the signature of Convention 108+.
- World Press Freedom Day Global Conference, in the working session "The Right to Privacy, Freedom of Expression, and Protection of Personal Data."
Lastly, the report also notes that the AAPI participated in various international working groups, including the following:
- G-20.
- The Organisation for Economic Co-operation and Development Working Group on Bribery in Business Transactions.
- U.N.
- World Trade Organization Joint Initiative on E-Commerce.
- Mercosur-Singapore Free Trade Agreement.
- Mercosur Digital Agenda Group.
- Third Meeting of the United States-Argentina Commercial and Investment Council.
- VII Innovation and Creativity Forum for Development Argentina-United States.