Since 2001, the National Directorate of Data Protection has been tasked with being the controlling authority of the Data Protection Law No. 25,326. It also acts as the controlling authority of Law No. 26,951, which regulates the national Do-Not-Call Registry.
On a related note, Section 19 of Law No. 27,275 on Access to Public Information, passed in September 2016, created the Agency of Access to Public Information as its controlling authority. The agency is an autarchic entity that operates with functional autonomy within the President’s Chief of Staff Office. Its main duties will be to ensure compliance with the principles and procedures established by the law, as well as to guarantee access to public information and promote transparency.
Emergency Decree No. 746/2017, passed in September 2017, amended Section 16 of the Ministries Law and included among the duties of the President’s Chief of Staff those of guaranteeing the right of access to public information and controlling the application of the Data Protection Law.
In that connection, Decree 746 also amended Section 19 of the Access to Public Information Law, stating that the agency must also act as the controlling authority of the Data Protection Law. Furthermore, it established that the agency has the duty of supervising the integral protection of personal data in order to guarantee the rights of individuals to honor and privacy, as well as their right to access their personal data.
In November 2017, Decree 899/2017 amended Section 19 of Annex I of Decree No. 1558/2001, which established that the directorate was the controlling authority of the Data Protection Law, and replaced the directorate by the agency. Moreover, it also established that any reference to the directorate, its duties and authorities should be understood as a reference to the agency.
In part, the designation of the agency — which is autarchic and independent — as the controlling authority charged with the application of the Data Protection Law and the Do-Not-Call Registry Law is probably a response to an observation made by the European Union at the time of the recognition of Argentina as a country granting adequate protection for the purposes of international data transfer. When issuing its opinion, the European Union had commented negatively on the lack of independence of the directorate.
The Access to Public Information Law has not been regulated yet and there is some uncertainty as to which duties, if any, the directorate will maintain in connection with the Data Protection Law.
photo credit: Día de la bandera argentina via photopin (license)