Football club associations
The Argentine personal data protection authority, Agency for Access to Public Information (Agency), recently imposed penalties on various organisations for violations of the Personal Data Protection Law (No. 25,326) (PDPL). This article discusses the penalties imposed.
In the context of three different inspection proceedings conducted by the Agency, three football club associations were required to report on their compliance with the PDPL within 15 administrative working days.
As a consequence of not receiving the proper answers, the following violations were charged to the associations:
- failure to submit in due time the documents required in the framework of an inspection procedure;
- processing personal data without being registered with the national registry of databases in violation of article 3 of the PDPL; and
- in two of the cases, the violation of obstructing the exercise of the inspection proceedings.
Two of the associations were fined 51,002 Argentine pesos each ($468 at the current exchange rate), while the remaining one was fined 26,001 Argentine pesos ($238).
The claimant requested a bank to allow access to his personal data as a customer, in light of the fact that his home banking account included an unpaid debt that he did not recognise. As he received no response, the claimant filed a claim with the Agency.
The Agency requested the company to provide the relevant information about the case. Although the bank answered the request, the Agency considered that the response given by the bank failed to comply with the claimant's request.
Consequently, the company was penalised for not responding in due time to the request for access, rectification or removal of the personal data when legally appropriate.
The fine applied was of 80,000 Argentine pesos ($733).
The claimant requested a loan office to remove her personal data since the loan office had reported a debt to the Central Bank that she did not recognise. As she received no positive reply, the claimant filed a complaint with the Agency.
The Agency initiated an investigation for the following violations:
- failure to provide the information requested by the Agency in due time;
- failure to comply with the request for access, rectification or removal of personal data in due time; and
- failure to register the database with the corresponding national registry.
The Agency dismissed the last charge because the company had registered the database with the relevant registry, but it imposed a fine of 30,001 Argentine pesos ($294.62) for breaching the other provisions of the PDPL.
The claimant requested a religious institution to remove his personal data due to the fact that he no longer held the same religious beliefs. The institution refused the petition on the grounds that it had an obligation to keep the data pursuant to canon law.
The affected individual filed a claim with the Agency, which initiated an investigation on the basis of a presumed violation of the provisions of the PDPL, namely to keep inaccurate personal data or not proceed with the legally required correction, updates or removal thereof when the rights of individuals are affected.
The Agency considered that the reasons given by the institution did not justify the data protection rights violations; thus, it applied a fine of 80,001 Argentine pesos ($733).
Considering that there have been relatively few enforcement actions alleging violations of the PDPL since its enactment in October 2000, these cases may represent a trend towards greater governmental control of companies with regard to personal data protection. Therefore, with a view to the beginning of 2022, an increased severity can be expected when sanctioning those organizations that do not comply with the mandates of the PDPL.
For further information on this topic please contact Mariano Peruzzotti or Belen Sorrentino at Ojam Bullrich Flanzbaum by telephone +54 11 4549 4900 or email ([email protected] or [email protected]). The Ojam Bullrich Flanzbaum website can be accessed at www.ojambf.com.