Automated Processing of Personal Data: Implications for Argentina With The Approval Of The Modernized Convention 108
After being approved by the Argentine Chamber of Deputies, the modernized Convention 108 or also identified as Convention 108+ (updated version of Convention 108 for the Protection of Individuals with respect to Automatic Processing of Personal Data), the Executive issued last November 30, Decree No. 792/2022, by which the approving Law No. 27,699 was enacted.
In this post we analyze how these regulatory advances which strengthen privacy standards, on the one hand, favor and enhance the digital economy of our country facilitating its global integration, and on the other hand, help Argentina to maintain the status of adequate country before a possible review process by the European Council.
The following is a brief review of the background of the modernized Convention 108, as well as the implications of its approval at the national level.
Convention 108
The Convention for the Protection of Individuals regarding Automatic Processing of Personal Data No. 108 (hereinafter “Convention 108”) was signed in 1981 in the city of Strasbourg (France), to protect the privacy of individuals against possible abuses in the processing of their data, being the only binding multilateral instrument on the protection of personal data.
The adhesion to this Convention was open to any non-member State of the Council of Europe, which is why it became an international standard synonymous with legal security in privacy matters for any State that decides to sign it.
This Convention entered into force in Argentina on June 1, 2019 and was opportunely approved by National Law No. 27,483.
Convention 108 modernized
The thirty-five years after Convention 108 was opened for subscription, it became necessary to modernize it to face the advance of new technologies and globalization of processing operations, which brought with them additional risks to the privacy and fundamental rights and freedoms of individuals.
This Convention strengthens the evaluation mechanisms and the original principles, imposing broader obligations on those who process personal data.
Among the new features included in this Convention, the following stand out:
– New data processing principles as key elements of the protection mechanism, such as:
- the principle of transparency: data must be processed in a fair and transparent manner, collected for specific, legitimate purposes, and not processed in a way that is incompatible with these purposes. To this end, further details to be informed by data controllers (e.g., companies) to data subjects (e.g., users) are determined;
- the principle of proportionality: processing must be proportionate to the legitimate aim pursued and reflect at all stages a fair balance between all the interests involved;
- the principle of demonstrated responsibility or accountability: those who process personal data must be able to demonstrate that the data processing under their control complies with the applicable regulations};
- the principle of data minimization: the data processed must be adequate, not excessive in relation to the purpose of processing and must not be kept longer than necessary.
Privacy by design: those who process personal data, whether as controllers or processors, must first analyze the probable impact that the processing may have on the fundamental rights and freedoms of the data subjects.
Extension of the definition of sensitive data to include genetic and biometric data.
Obligation for organizations that process personal data to report security incidents.
Recognition of new rights for data subjects:
- The right not to be subject to a decision based solely on automated processing,
- request to know the logic behind a processing operation when the results are applicable to him/her, and,
- the right to object to such processing
Greater involvement of the principle of proactive accountability, which implies a greater obligation on organizations that process personal data not only to comply with data protection rules, but to be able to demonstrate compliance with them.
Updating the regulations on transborder data flow: For example, it is specifically clarified that when the recipient is subject to the jurisdiction of a State or international organization that is not a Party to the Convention, the transfer could be carried out by ensuring an appropriate level of protection through international agreements, guarantees approved in legally binding instruments or if the data subject gives his or her explicit consent. The supervisory authority may also request the controller to demonstrate the effectiveness of the safeguards, and may prohibit such transfers, suspend them or make them subject to conditions.
New attributions and powers of the supervisory authorities and extension of the legal bases for international cooperation.
Implications of the approval of this Convention
The approval of the modernized Convention 108 implies historic regulatory advances for Argentina, both from a local and international perspective.
In principle, at the local level, it implies the adoption of updated and binding international standards on privacy issues, in line with the principles set forth in the European General Data Protection Regulation (better known as “GDPR”).
It should be noted that Argentina, through the approval of this Convention, must incorporate the provisions of this international treaty, in order to ensure its practical application.
In this context, the Agency for Access to Public Information (the “Agency”) prepared a Draft Bill Proposal that updates the current regulations in force regarding Personal Data Protection (Law No. 25,326), which is inspired by the guidelines of Convention 108+ and the General Personal Data Protection Regulation (GDPR).
In particular, within the framework of a public consultation process for the updating of National Law No. 25,326, enacted in 2000, the Agency, after having completed the process of receiving and reviewing comments, published the final version of the Preliminary Draft, which will be submitted to Congress in the near future.
In line with Convention 108+, the Preliminary Draft emphasizes all the points mentioned above, which are part of the modernized Convention, such as the new principles for processing, including proactive or proven liability, privacy by design, new rights for data subjects, regulation of security incidents and extension of sensitive data to include genetic and biometric data, among other issues.
On the other hand, from the international aspect, it is relevant to point out that, among some of the advantages brought by this Convention, is that of encouraging and enhancing the digital economy in a world without borders, positioning Argentina in its global integration as a State that has a robust framework that respects the highest standards of privacy.
Finally, the approval of the modernized Convention 108 is an auspicious step for Argentina to maintain its status as an adequate country in the event of an eventual review process by the European Council. It should be highlighted that on June 30, 2003, Argentina was considered as a country with adequate legislation by the European Commission by means of Commission Decision C (2003) 1731.
It is important to bear in mind that beyond the acts of internal approval, the entry into force of Convention 108+ depends on the one hand, on an act of ratification to be carried out by Argentina at the international level and, on the other hand, on the conditions of entry into force established by the Convention itself.
You May Also Like
Nic Argentina Updated its Fees for all Registration Procedures, Renewal and Transfer of Internet Domains
Our Partner Cecilia Brazzola, Leader of Lerman & Szlak’s Corporate Law and Commercial Litigation Team Sets a Precedent in Franchising Matters
Creation of the Programme for Transparency and Protection of Personal Data in the Use of Artificial Intelligence
The Digital Access Service for Priority Documents (DAS-OMPI) Administered by WIPO Will be Extended to Trademarks, Models and Industrial Designs
Privacy And Email Marketing: Practical Recommendations For Collecting Personal Data And Using It Legally. Is Opt-out Still Enough?
Argentina: Privacy and the Health Sector – Article Published by Gabriela Szlak in OneTrust Data Guidance (August 2022)
Entrepreneurs Club at AMIA: Our Associate Luciano Gutman Provided Legal Advice and Guidance To Entrepreneurs On Labor Law, Contracts And Intellectual Property
Gabriela Szlak And Celia Lerman Presented The ADC Report “Mercosur Electronic Trade Agreement: Challenges And Opportunities”
Law No. 27.685 On the Development and Production Promotion of Modern Biotechnology and Nanotechnology
Electronic Signature and Judicial Credit Enforcement: A Brief Analysis of The Ruling “Afluenta V. Oliva”
The General Inspectorate of Justice reduces the maximum term of duration of corporations incorporated in Buenos Aires City
The importance of Legal Agreements in the field of Family Businesses: Brief comments on the ruling “Strella v. Strella”
Entrepreneurs Club at AMIA: our associate Luciano Gutman provided tips and legal guidance on labor law, contracts and IP for entrepreneurs.
Lerman & Szlak’s team has been appointed in different Committees of the International Trademark Association (INTA) for the period 2022
Chambers & Partners distinguished our partner Celia Lerman as an Up-and-Coming practitioner in the Intellectual Property practice
General Resolution IGJ 8/2021. New restrictions of the Public Registry of the City of Buenos Aires for the registration of foreign companies in order to participate in local companies
Gabriela Szlak and Lucia Suyai Mendiberri write about the Personal Data Protection Bill in One Trust – Data Guidance
Shirly Galante published an article on challenges and strategies for the new trademark opposition resolution procedure in Argentina
Franchising in Food Industry and New Challenges in Times of Pandemic. Dark Stores and Mobile Delivery Applications
Resumption of deadlines of the procedures before the National Institute of Industrial Property (INPI)
Celia Lerman will lecture on legal ethics and artificial intelligence at the fifth edition of the Jornadas Sanisidrenses de Derecho
Argentina: Best privacy practices in email marketing campaigns – Article Published by Gabriela Szlak and Lucia Suyai Mendiberri in OneTrust’s Data Guidance
Gabriela Szlak successfully taught the course “Legal and Regulatory Aspects of Marketing and Digital Business” as Lecturer-in-Law at the Master’s degree in Strategic Management of Marketing and Digital Businesses, University of Buenos Aires
Celia Lerman Speaks about Open Intellectual Property Strategies at the Ministry of Productive Development of Argentina’s Open Innovation Online Course
Celia Lerman Will Teach About The Role Of Intellectual Property In The Open Innovation Online Course – Ministry Of Productive Development Of Argentina
The Argentine Supreme Court Allows E-Mail Filings for Complaints and Electronic Issuance of Judicial Decisions
Lerman & Szlak advised INVENTU and the National University of Rosario on Open Source Intellectual Property for their innovative respiratory emergency device
Creation of the Committee of Evaluation and Supervision of the Emergency Assistance Program for Jobs and Industry
Impact of the actions taken by the Government in the context of Sanitary Emergency caused by COVID-19
Lerman & Szlak advises Worcket, Argentine Start up combining HR and AI on its new investment round for US $ 1.5 million
Gabriela Szlak was part of the Experts Team, together with Mark Datysgeld and Andrew Mack, that presented a Study on “Building Sustained Business Constituency participation in Latin America”
Gabriela Szlak spoke on Data Protection and GDPR at the Argentine Direct Marketing Association (AMDIA) Email Summit, with Outstanding Possitive Feedback from the Audience
Gabriela Szlak Will Speak about New Trends on Data Protection and GDPR at the Email Summit Organized by AMDIA
