Current legislation
Public consultation
Comment
Recently, the Data Protection Authority (DPA) announced the initiation of a process aimed at reforming the personal data protection regime.
Personal Data Protection Law No. 25,326 (PDPL) was passed in 2000. During these 22 years, several complementary provisions were approved, such as the Regulatory Decree No. 1558/2001 and many resolutions, rules and guidelines issued by the Agency for Access to Public Information, the local DPA. Argentina also joined Convention No. 108 for the Protection of Individuals with Regard to Automatic Processing of Personal Data and the Protocol Amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention 108+). The ratification of Convention 108+ by congress is still pending.
The PDPL has its roots in some foreign legislation precedents, such as:
- Spain's Organic Law 5/1992;
- Spain's Organic Law 15/1999 on the Protection of Personal Data; and
- the EU Data Protection Directive (Directive 95/46/EC).
In 2018, the former administration introduced a data protection bill, but it was never discussed in congress, so it lost parliamentary status.
Pursuant to the DPA's announcement, the main goal of the process is to draft a new personal data protection law that would replace the current legislation. To that end, a public consultation will open in September 2022. Interested parties will be allowed to provide comments and contributions through a platform that will be available on the DPA's website.
The announcement further states that this new legal framework should address new challenges brought by technological transformation and the development of the digital economy. Moreover, this initiative should harmonise the latest current regional and international standards and at the same time take a human rights perspective and a sovereign view. The DPA has also listed the documents of reference that should be taken into account when drafting the bill, namely:
- the PDPL;
- the 2018 Bill on personal data protection;
- Law 27,483, which approved Convention 108;
- the EU General Data Protection Regulation (GDPR);
- the Personal Data Protection Standards issued by the Data Protection Ibero-American Network;
- the updated principles on privacy and personal data protection of the Organization of American States;
- the United Nations Educational, Scientific and Cultural Organization's recommendation on the ethics of artificial intelligence;
- the General Data Protection Law of Brazil; and
- the Organic Data Protection Law of Ecuador.
This initiative was long-awaited, considering that the current legislation is outdated and needs to be modernised. The world has changed dramatically over the past 20 years as a consequence of the technological developments. A new legal framework should address all these new challenges and follow the path of the latest regulations approved in other countries over the past few years.
Moreover, the adequacy decision obtained by Argentina in 2003 is currently under review by the EU Commission. The enactment of a new law that follows the GDPR's main principles might constitute an important milestone to maintain this status.
For further information on this topic please contact Mariano Peruzzotti at Ojam Bullrich Flanzbaum by telephone (+54 11 4549-4900) or email ([email protected]). The Ojam Bullrich Flanzbaum website can be accessed at www.ojambf.com.