New Updates From The Supervisory Authority Regarding The Protection Of Personal Data In Argentina
If your company or organization processes personal data of Argentines as a data controller, please note that the Supervisory Authority on the protection of personal data of Argentina (the Agency for Access to Public Information or “Agency”), has issued updates regarding the registration of foreign companies, as well as the classification, grading and maximum limits of the infringements applicable in the event of non-compliance. Please find below a summary of these developments.
- Registration of foreign companies before the Agency
On November 29, 2022, the Agency enabled a new web form to be filled by companies and organizations located in foreign countries who process personal databases of Argentine persons, in order to proceed with their registration before the Agency, as foreign Controllers/ Responsible entities. It should be noted that, until now, the registration was only enabled for those responsible for databases with legal domicile in Argentina.
With this form, the registration obligation is now also extended to those Controllers with legal addresses abroad.
It is expected that from said registry the foreign Controllers will need to comply with the obligations derived from the exercise of rights of the data subjects (right of information, access, rectification, updating or deletion), among other related obligations, through the email to be informed to the Agency.
Likewise, the Agency will use such registered email for the purpose of notifying any requirement to the foreign Controller, among other uses related to applicable regulations that could derive from the new registration obligation.
The above-mentioned registration should be done through an online form that has the nature of an Affidavit and that requires providing the following information of the Foreign Controller: Telephone, Email Legal address and Country. Also, the registration requires determining an authorized person or proxy to carry out the procedure, and accredit said legal capacity, in addition to providing their contact information for the purposes of the registration.
- New Classification of Infringements
On December 5, 2022, Resolution AAIP No. 240/2022 was published in the Official Gazette, which derogates DNPDP Disposition No. 09/2015 and updates both the infringements classification regime and the sanction graduation regime.
Additionally, on December 6 of this year, AAIP Resolution No. 244/2022 was published, which updates the maximum fine limits to be applied when a sentencing administrative act includes more than one monetary sanction for the same punishable conduct.
Annex I of the Resolution updates the classification of infringements as follows:
-Minor infringements (for example, those related to the lack of registration before the National Registry of Databases or the lack of information in due time and form of modifications, updates or deletions).
-Serious infringements (the lack of registration of databases in the National Registry of Databases when required by the authority, the processing without adequate legitimization bases or various issues related to the exercise of rights by data owners, as well as the conduct of the data controller before the supervisory authority, among others).
-Very serious infringements (such as failure to report the legal address and other identifying data of the data controller before the National Database Registry or in its Privacy Policy, the transfer of personal data that do not provide adequate levels of protection, illegitimate assignments and the processing of sensitive data without sufficient guarantees, among others).
III. New Graduation of sanctions
The amounts of fines are updated as follows:
-Minor infringements: from PESOS ONE THOUSAND ($ 1,000.00) to PESOS EIGHTY THOUSAND ($ 80,000.00)
-Serious infringements: from PESOS EIGHTY THOUSAND ONE ($ 80,001.00) to PESOS NINETY THOUSAND ($ 90,000.00)
-Very serious infringements: from PESOS NINETY THOUSAND ONE ($ 90,001.00) to PESOS ONE HUNDRED THOUSAND ($ 100,000.00)
In addition, new aspects are incorporated to assess the application and graduation of the amount of the sanctions. At this point, we emphasize that, despite the issues already provided in the previous Provision -such as the nature of the personal rights affected, volume of the processing, benefits obtained, degree of intentionality and recidivism-, the enforcement authority will now also consider new aspects such as:
- the economic condition of the infringer
- the proven adoption of corrective measures and internal mechanisms and procedures capable of minimizing the damage, tending to the safe and adequate processing of the data
- whether the personal data of children and adolescents has been affected
- In the event of security incidents, the collaboration with the supervisory authority and the proven implementation of corrective measures, mechanisms and internal procedures capable of minimizing the damage by the data controller or data processor shall be taken into account.
Lerman & Szlak Services
If you have any queries about your organization’s compliance and/or need more information, please do not hesitate to contact us at info@lermanszlak.com.
You May Also Like
Nic Argentina Updated its Fees for all Registration Procedures, Renewal and Transfer of Internet Domains
Our Partner Cecilia Brazzola, Leader of Lerman & Szlak’s Corporate Law and Commercial Litigation Team Sets a Precedent in Franchising Matters
Creation of the Programme for Transparency and Protection of Personal Data in the Use of Artificial Intelligence
The Digital Access Service for Priority Documents (DAS-OMPI) Administered by WIPO Will be Extended to Trademarks, Models and Industrial Designs
Privacy And Email Marketing: Practical Recommendations For Collecting Personal Data And Using It Legally. Is Opt-out Still Enough?
Automated Processing of Personal Data: Implications for Argentina With The Approval Of The Modernized Convention 108
Argentina: Privacy and the Health Sector – Article Published by Gabriela Szlak in OneTrust Data Guidance (August 2022)
Entrepreneurs Club at AMIA: Our Associate Luciano Gutman Provided Legal Advice and Guidance To Entrepreneurs On Labor Law, Contracts And Intellectual Property
Gabriela Szlak And Celia Lerman Presented The ADC Report “Mercosur Electronic Trade Agreement: Challenges And Opportunities”
Law No. 27.685 On the Development and Production Promotion of Modern Biotechnology and Nanotechnology
Electronic Signature and Judicial Credit Enforcement: A Brief Analysis of The Ruling “Afluenta V. Oliva”
The General Inspectorate of Justice reduces the maximum term of duration of corporations incorporated in Buenos Aires City
The importance of Legal Agreements in the field of Family Businesses: Brief comments on the ruling “Strella v. Strella”
Entrepreneurs Club at AMIA: our associate Luciano Gutman provided tips and legal guidance on labor law, contracts and IP for entrepreneurs.
Lerman & Szlak’s team has been appointed in different Committees of the International Trademark Association (INTA) for the period 2022
Chambers & Partners distinguished our partner Celia Lerman as an Up-and-Coming practitioner in the Intellectual Property practice
General Resolution IGJ 8/2021. New restrictions of the Public Registry of the City of Buenos Aires for the registration of foreign companies in order to participate in local companies
Gabriela Szlak and Lucia Suyai Mendiberri write about the Personal Data Protection Bill in One Trust – Data Guidance
Shirly Galante published an article on challenges and strategies for the new trademark opposition resolution procedure in Argentina
Franchising in Food Industry and New Challenges in Times of Pandemic. Dark Stores and Mobile Delivery Applications
Resumption of deadlines of the procedures before the National Institute of Industrial Property (INPI)
Celia Lerman will lecture on legal ethics and artificial intelligence at the fifth edition of the Jornadas Sanisidrenses de Derecho
Argentina: Best privacy practices in email marketing campaigns – Article Published by Gabriela Szlak and Lucia Suyai Mendiberri in OneTrust’s Data Guidance
Gabriela Szlak successfully taught the course “Legal and Regulatory Aspects of Marketing and Digital Business” as Lecturer-in-Law at the Master’s degree in Strategic Management of Marketing and Digital Businesses, University of Buenos Aires
Celia Lerman Speaks about Open Intellectual Property Strategies at the Ministry of Productive Development of Argentina’s Open Innovation Online Course
Celia Lerman Will Teach About The Role Of Intellectual Property In The Open Innovation Online Course – Ministry Of Productive Development Of Argentina
The Argentine Supreme Court Allows E-Mail Filings for Complaints and Electronic Issuance of Judicial Decisions
Lerman & Szlak advised INVENTU and the National University of Rosario on Open Source Intellectual Property for their innovative respiratory emergency device
Creation of the Committee of Evaluation and Supervision of the Emergency Assistance Program for Jobs and Industry
Impact of the actions taken by the Government in the context of Sanitary Emergency caused by COVID-19
Lerman & Szlak advises Worcket, Argentine Start up combining HR and AI on its new investment round for US $ 1.5 million
Gabriela Szlak was part of the Experts Team, together with Mark Datysgeld and Andrew Mack, that presented a Study on “Building Sustained Business Constituency participation in Latin America”
Gabriela Szlak spoke on Data Protection and GDPR at the Argentine Direct Marketing Association (AMDIA) Email Summit, with Outstanding Possitive Feedback from the Audience
Gabriela Szlak Will Speak about New Trends on Data Protection and GDPR at the Email Summit Organized by AMDIA
