The Data Protection Authority issued a press release inviting the privacy community to discuss on possible modifications to the Data Protection Law No. 25.326.
The DPA recently issued a press release aiming to rethink the current legislation and seeking to encourage reflection on data protection regulation in Argentina on the basis of (i) the technological advances that have been made since the DPL was passed in 2000, (ii) the experience the DPA has gathered during that time, and (iii) the existence of a the new international context, particularly with the approval of the EU General Data Protection Regulation.
In these circumstances, the DPA holds that a reform is necessary and, therefore, poses the question on whether such an amendment should be partial or complete.
In that connection, it sets certain points of discussion for consideration. These include the identification of a number of proposed additions to the DPL, which are needed in order to update the text of the current law. Among them are the addition of regulation on accountability to demonstrate effective compliance with the DPL, the incorporation of a data protection officer for all public entities and some private entities, the inclusion of the right to be forgotten, and adoption of “privacy by design” policies and impact studies.
Moreover, the DPA proposes modifications to existing aspects of the DPL. It seeks to encourage debate on the objectives of the regulation and the extent of its protection. In particular, this includes discussion on whether the DPL should apply to individuals only or to entities as well. Additionally, the DPA states that the terms the law defines must be revised and extended as in some cases much debate and judicial interpretation has been necessary to fully understand the defined terms.
Furthermore, the DPA proposes to reform the underlying principles of the DPL. This could imply a review of provisions on international data transfer provisions, consent given by minors, and licit data treatment. The DPA also encourages debate on the possibility of requiring mandatory notification in cases of data breach (absent in the current law).
The press release also refers to the need to review rights and obligations of data owners, users and controllers. In this respect, it places special emphasis on the importance of revising regulations that are applicable to credit information.
In addition, the DPA encourages discussion on the institutional framework made by the DPL. This implies evaluating the independence of the DPA as an entity, something that was raised by the European Union when it evaluated Argentina’s level of personal data protection, and which could be important in light of the EU GDPR, which would demand periodical revisits once in force. The DPA also raises the issue of sanctions for non-compliance with the DPL, and how these could be made effective.
While the process carries significant weight because it is an initiative of the DPA, to the best of our knowledge the DPA has not worked on or prepared any draft bill to be discussed in Congress.
photo credit: Día de la bandera argentina via photopin(license)