Market overview

Kinds of transaction

What kinds of cloud computing transactions take place in your jurisdiction?

Almost all kinds of cloud computing transactions take place in the region.

In connection with public cloud services, software-as-a-service (SaaS), infrastructure-as-a-service (Iaas) and platform-as-a-service (PaaS) are all common. Of these segments, SaaShas has had the most marked growth in the recent years. Private cloud models have mostly been adopted by different types of companies.

There has been a growing interest in cloud solutions from the insurance, telecommunications and banking industries. Furthermore, both the national and local governments have begun turning to cloud solutions, in any of these architectures (Saas, IaaS or PaaS).

Active global providers

Who are the global international cloud providers active in your jurisdiction?

The most common providers operating in Argentina include Oracle, IBM, Microsoft Azure and AWS.

Active local providers

Name the local cloud providers established and active in your jurisdiction. What cloud services do they provide?

Oracle, Microsoft and IBM are the main providers, although not all of them have Saas, Iaas, and Paas as part of their service offering.

Also, most telecommunications companies provide cloud computing capabilities to offer their services to companies and homes. Local companies providing cloud services include Claro, Movistar and ARSAT (a government-owned telecommunications company). The business model is mostly based on providing hosting and offering flexible payment options.

Market size

How well established is cloud computing? What is the size of the cloud computing market in your jurisdiction?

Despite the fact that many companies have already acquired cloud solutions, cloud architecture is today under analysis by different companies as a way to modernise, update or escalate their solutions.

Cloud architecture solutions are being incorporated by new small and medium-sized companies that now have access to world-class solutions. At the same time, cloud services have also been incorporated by large corporations with a need to update their current solutions to be able to escalate and move quickly to more modern solutions.

Impact studies

Are data and studies on the impact of cloud computing in your jurisdiction publicly available?

To the best of our knowledge, there are no hard studies with specific numbers. Nevertheless, cloud services allow companies to start new businesses or new operating units in a few months. These are some of the benefits that companies will find when turning to cloud services.

Policy

Encouragement of cloud computing

Does government policy encourage the development of your jurisdiction as a cloud computing centre for the domestic market or to provide cloud services to foreign customers?

In general, Argentina does not have a federal policy to encourage the development of the country as a cloud computing centre for the domestic market or provide cloud services to foreign customers.

However, Argentina has a law that seeks to foster the growth of the software industry in general and has also recently enacted Law No. 27,506, which provides for a promotional regime for the Knowledge Economy, which aims to promote economic activities that apply the use of knowledge and the digitalisation of information (supported by progress in science and technology) to obtain goods, provision of services or improvements in processes (see question 7).

Furthermore, the Argentine government is involved in cloud computing through ARSAT. ARSAT has constructed a state-of-the-art data centre with the goal of facilitating cloud computing for consumers. The data centre’s design and construction has made it the sole Uptime Institute Tier III data centre in Argentina. The data centre has also received ISO/IEC Certification 27001:2013 as well as Communication ‘A’ 4609 approval from the Argentine Central Bank, both of which certify the rigour of the data centre’s information security.

Moreover, despite the fact that there is no formal government law specifically fostering the development of cloud architecture, many industry associations publish different recommendations regarding the cloud.

Incentives

Are there fiscal or customs incentives, development grants or other government incentives to promote cloud computing operations in your jurisdiction?

Although there are no specific regulations to promote cloud computing in Argentina, the Software Promotion Law No. 25,922 (the Software Law) sets forth a broadly supportive regime for the software industry in general, that will remain in effect until 1 December 2019.

Pursuant to this law, Argentine-incorporated companies whose activities are the creation, design, development, production, implementation, adjustment, or upgrade of developed software systems and their associated documents, may participate in the benefits created by this regime, provided they comply with certain requirements. Beneficiaries of the regime will benefit from:

  • fiscal stability;
  • conversion of certain monthly social security tax payments into a tax credit;
  • non applicability of any VAT withholding or collection regimes;
  • a 60 per cent reduction in the total amount of corporate income tax as applied to income derived from software activities; and
  • exclusion from any kind of present or future restriction on the currency transfers matching the payouts for imports of software products by the beneficiaries, provided the imported goods are necessary for the software production activities.

Furthermore, the Promotion Regime of Knowledge Economy Law No. 27,506 provides for a promotional regime (the Regime), which will become effective as of 1 January 2020 and will be valid until 1 December 2029. Among others, the regime will benefit the following activities: software, computer and digital services; audiovisual production and post-production; biotechnology, neurotechnology and genetic engineering; geological and prospecting services and others related to electronics and communications; professional services as long as they are exported; nanotechnology and nanoscience; aerospace and satellite industry; nuclear industrial engineering; artificial intelligence, robotic and industrial internet, the internet of things, augmented and virtual reality, etc.

Regarding the tax benefits of the Regime, we highlight the following:

  • Fiscal stability: as of the moment of the registration and for the term of validity of the Regime. This benefit may be also extended to provincial and municipal taxes, as long as such jurisdictions adhere to the law.
  • Income tax: the general corporate tax rate is reduced to 15 per cent, to the extent that the beneficiaries maintain their payroll. In addition, beneficiaries will be allowed to deduct a tax credit derived from any payment or withholding of foreign taxes, if the taxed income constitutes an Argentine source of income.
  • Value added tax (VAT): beneficiaries will not be subject to any withholding and/or collection VAT regimes.
  • Employer social security contributions: beneficiaries will be able to fully detract from their employer social security contributions, in relation to each employee, an amount equal to the maximum established in article 4 of Decree 814/2001 (which currently is 17,509.20 pesos).
  • Additional benefit: beneficiaries will be able to obtain a one-time transferrable tax credit bond, which can be used for paying advances or balances of income tax or VAT. The bond is equal to 1.6 times the amount of the employer’s social security contributions that the beneficiary did not pay due to the benefit mentioned in the above paragraph.

In addition, it is worth noting that, from a customs perspective, cloud computing services may not be construed as a ‘good’ that may be imported. However, pursuant to a new regulation on the export of services, cloud computing services that are rendered in Argentina but exploited abroad may be construed as an ‘export’ subject to export duties.

Some specific provisions may apply when importing servers into Argentina, depending on which tariff code they are subject to under the Mercosur Common Nomenclature. These goods are singled out as ‘technological goods’ and, if imported new, have a reduced VAT rate (10.5 per cent) for their definitive importation, are exempt from the statistical fee (0.5 per cent over cost, insurance and freight (CIF) valuation) and are also exempted from some advanced payments on internal taxation collected upon the definitive importation of goods.

These are also capital goods that, if imported on a used condition, are subject not only to regular import taxation but also to a specific regime that alters their import duties rate (up to twice the import duty rate) and requires a specific certificate granted by the Ministry of Production before its importation. Depending on their tariff position, the importation into Argentina of used servers may be completely forbidden.

Legislation and regulation

Recognition of concept

Is cloud computing specifically recognised and provided for in your legal system? If so, how?

Cloud computing is not recognised or regulated by a specific law.

However, there are different regulations that apply to matters that may relate indirectly to cloud computing, including general provisions on contract law, data protection, consumer protection, labour, intellectual property, tax and public procurement regulations. Taken as a whole, these constitute the framework that would apply to cloud computing.

Governing legislation

Does legislation or regulation directly and specifically prohibit, restrict or otherwise govern cloud computing, in or outside your jurisdiction?

There is no legislation that directly and specifically prohibits, restricts or otherwise governs cloud computing in Argentina.

Section 8 of the Argentine Digital Law No. 27,078 (the ADL), as amended by Decree 267/2015, establishes that the provision of information, communications and technology services (ICT services) requires a corresponding licence. ICT services are defined by the ADL as the set of resources, tools, equipment, software, applications, networks and means that allow the compilation, processing, storing and transmission of information, such as voice, data, text, video and images, among others. Section 6, subsection (g) of the ADL establishes that each ICT service will be subject to its specific regulatory framework.

At present, there is no specific telecom regulation in Argentina governing cloud computing services. In principle, cloud computing services would not fall under the Argentine telecoms regulations since they would not be an ICT service with specific regulation but merely an application of - or business solution that runs on - the public internet, provided locally by an authorised local internet service provider. Therefore, a reasonable interpretation is that cloud computing services would not be subject to any licensing or other regulatory requirement in Argentina.

Discussions of a new legal framework for telecommunications (and media) activities are still pending. Thus, if such discussions are resumed there may be changes in such regulations in the future and we cannot disregard those changes affecting cloud computing services.

Finally, in connection with personal data protection and regulation of international data transfers, see question 15.

What legislation or regulation may indirectly prohibit, restrict or otherwise govern cloud computing, in or outside your jurisdiction?

There are several provisions that could indirectly restrict or otherwise govern cloud computing, and which could apply depending on the characteristics and nature of the services and the parties involved.

For instance, the Argentine Data Protection Law No. 25,326 will apply to the use of cloud computing insofar as it entails the processing of personal data. The Consumer Protection Law No. 24,240 (the CPL) will also apply to cloud services if they are provided to consumers. Market-specific laws like Decree No. 274/2019 of Fair Trade may also be relevant. Furthermore, general intellectual property, tax and labour regulations should be taken into account.

Breach of laws

What are the consequences for breach of the laws directly or indirectly prohibiting, restricting or otherwise governing cloud computing?

There are no laws directly prohibiting, restricting or otherwise governing cloud computing. In the case of any laws that may apply indirectly, consequences will vary depending on the pertinent regulation.

For instance, in the case of the Argentine Data Protection Law No. 25,326, a breach may lead to administrative sanctions, civil proceedings, or criminal penalties. The Data Protection Authority (DPA) may apply the following administrative penalties in the event of violation of the Argentine Data Protection Law:

  • observation;
  • suspension;
  • fines of between 1,000 and 100,000 pesos (DPA Rule No. 71 E/2016 capped fines applicable for various infringements encompassed by the same administrative proceeding, stating a maximum cap of 5 million pesos);
  • business closure; or
  • cancellation of the database.

Sections 117-bis and 157-bis of the Criminal Code also punish, with between one month and three years of imprisonment, those who:

  • illegally insert false information in a database;
  • knowingly supply false information stored in a database to a third party;
  • knowingly and illegally gain access to a database containing personal data in violation of its security systems;
  • disclose personal data protected by duty of confidentiality pursuant to law; or
  • illegally insert data in a database.

In the case of any infringements of the Consumer Protection Law No. 24,240, the following sanctions:

  • observation;
  • fines of between 100 and 5 million pesos;
  • seizure of infringing merchandise or products;
  • business closure or suspension of the provided service for up to 30 days;
  • suspension for up to five years from the registries that allow suppliers to contract with the government; and
  • loss of concessions, privileges, and any special tax or credit conditions.

Further, the CPL provides that punitive damages may be imposed on the infringer.

Additionally, in case of violation of the Fair Trade Decree, the Authority may impose the following sanctions:

  • fines of up to 264 million pesos;
  • suspension of licences to contract with the state;
  • potential loss of any tax or credit exemptions or benefits; and
  • closing of business for up to 30 days.
Consumer protection measures

What consumer protection measures apply to cloud computing in your jurisdiction?

If cloud computing services are provided to consumers, Argentine consumer protection regulations will apply. In particular, the CPL and the provisions of the Civil and Commercial Code (the CCC) on consumer electronic contracts will be relevant.

The CPL protects consumers, defined as any physical person or entity that acquires or uses, whether for a fee or not, goods or services as an end user, for its own benefit or for the benefit of its family or social group.

Some central aspects of general protection consumer law that may be relevant to e-commerce are the following:

  • under the CPL, every description of the service or product advertised by any means of communication is considered part of the offer and a binding term of the contract;
  • suppliers are forbidden from compelling the consumer to reject goods or service to avoid the payment of a fee (opt-out sales); and
  • the CPL entitles the consumer to terminate the contract by the same means used to agree upon it (ie, telephone, internet, etc).

Further, section 40 of the CPL states that there is joint liability between all those involved in the supply chain for damages resulting from defects or risks associated with goods or service.

In addition, the CCC contains provisions that refer specifically to the protection of consumers in electronic transactions (sections 1106-1116). For instance, an important provision is section 1106, which states that electronic means may be used in contracts and have the same force of law as written contracts. Section 1110 CCC grants consumers a 10-day term to revoke the online transaction (with exceptions for: goods that are personalised or that, by their nature, cannot easily be returned; video or audio recordings or software that upon delivery can be quickly and indefinitely stored and copied; and for daily or periodical publications, such as newspapers). Moreover, section 2655 CCC provides that if the cloud computing service located outside offers or advertises the service in Argentina, or performs another activity in Argentina in connection with the proposed contract, and the targeted consumer also performs acts in Argentina addressed at executing the contract, then, Argentine law (CCC and CPL) will apply. In turn, section 2654 CCC states that the court of the place where the consumers perform acts addressed at executing the contract has jurisdiction to hear their claims. Choice of law and jurisdiction clauses will be almost certainly set aside by local courts, which would apply the provisions of the CCC instead.

Sector-specific legislation

Describe any sector-specific legislation or regulation that applies to cloud computing transactions in your jurisdiction.

In the public sector, there is no specific legislation or regulation that applies to cloud computing transactions at a federal level. However, the Federal Information Technology Office - responsible to the Government Secretariat of Modernisation - has approved a Code of Good Practice for the Development of Public Software in the Elaboration, Extension and Improvement of Software Solutions for the Public Sector (Disposition No. 2/2019) (the Code), applicable to the federal public sector. Pursuant to its section 3, all public sector agencies must manifest compliance with the Code every time a software project is carried out.

The Code includes number of recommendations that relate to cloud services, such as:

  • the public sector should choose cloud-services solutions over any other option when requesting new information technology services;
  • public sector entities will choose which cloud service to procure; and
  • providers of cloud services to the public sector will have to comply with certain minimum requirements during the procurement process.

In general terms, public procurement regulations provide for the sanction of particular bidding terms and conditions for each type of procurement. Pursuant to Argentina’s political system, the procurement legal framework differs in each jurisdiction and can also vary depending on the relevant entity. The procurement framework at the federal level mainly consists of:

  • Decree No. 1023/2001; and
  • Decree No. 1030/2016 (together, the General Legal Framework), which provide general rules that cannot be neglected even by way of private negotiation.

Pursuant to the General Legal Framework, it is the public sector that will determine and announce the service that needs to be procured, along with the scope and modalities under which the service will be rendered, by means of the bidding terms and conditions and the technical specifications.

In relation to the banking industry, it is worth noting that in November 2017, the Argentine Central Bank issued Communiques which made important modifications to the regulations which apply to the decentralisation, outsourcing and delegation of activities of financial entities. Among other faculties, these regulations authorised financial entities to hire information technology services provided by third parties, subject to the condition that such activities fall within the list provided by the Argentine Central Bank.

These new rules were an important update to the regulatory framework applicable to financial entities, and aimed to allow them to make a more extensive use of technological services.

Insolvency laws

Outline the insolvency laws that apply generally or specifically in relation to cloud computing.

Where a company fails to meet its obligations, the contractual provisions entered into by the parties are the first source of regulation for the conflict. In B2B contracts, where the negotiation leverage is supposedly fairer for the parties, the contract will govern what occurs in cases of non-compliance, which will generally come about if a company becomes insolvent. In B2C contracts, the same contractual provisions will apply with the caveat that, in this case, consumer-specific legislation might apply and might offer more protection to a customer.

In connection with insolvency, general insolvency laws will apply to cloud computing, since there is no specific regulation in connection with insolvency and cloud computing services. The most important Argentine regulation on this matter is the Law on Reorganisation and Bankruptcy Proceedings No. 24,522.

If the reorganisation procedure regulated by this law is successful, the service provider should be able to clear its debts and continue operating. Therefore, the provision of services to the customer should remain relatively unaffected. If, however, the service provider undergoes bankruptcy, the customer would, at some point, stop receiving the services. The customer would have to direct any actions - such as claims for services paid but not performed - against the insolvent entity in the bankruptcy proceeding.

Data protection/privacy legislation and regulation

Principal applicable legislation

Identify the principal data protection or privacy legislation applicable to cloud computing in your jurisdiction.

Argentine Data Protection Law No. 25,326 (the Argentine Data Protection Law) will apply to the use of cloud computing insofar as it entails the processing of personal data. The Argentine Data Protection Law, and its accompanying Decree No. 1158/01, constitute the main framework on data protection in Argentina. They are enforced by the DPA.

The Argentine Data Protection Law defines personal data as any kind of information referring to identified or identifiable individuals or legal entities. The general principle under the Argentine Data Protection Law is that any processing of personal data (including any disclosure, collection, storage, amendment and destruction) must be specifically consented to by the data subject. Such consent must be prior, given freely, based upon the information previously provided to the data subject (informed) and expressed in writing or by equivalent means, depending on each case.

Several provisions of the Argentine Data Protection Law and its complementary regulations can be relevant in connection with cloud computing. These include its provisions on cross-border data transfers, data processing agreements, and security measures and confidentiality obligations.

Regarding cross-border data transfers, the Argentine Data Protection Law prohibits the transfer of personal data from Argentina to other countries or to international organisations if the countries or organisations do not provide an adequate level of data protection, with certain exceptions. In cases when adequate data protection is not set up, transfers may still be made when the data subject consents to the transfer or when adequate protections arise from contractual clauses or self-regulated systems (as, for example, Binding Corporate Rules).

DPA Rule No. 60-E/2016 (Rule 60) provides a list of jurisdictions which the DPA considers to provide an adequate level of protection. These are the member states of the European Union and the European Economic Area, Switzerland, Guernsey and Jersey, the Isle of Man, the Faroe Islands, Canada (only applicable to their private sector), New Zealand, Andorra, the United Kingdom and Northern Ireland, and Uruguay. Moreover, Rule 60 approved two sets of standard model clauses addressing the two most common types of data transfers: the assignment of data to a third party and the transfer of data for the rendering of data-processing services.

In connection with data processing, any entities that provide outsourced processing services, including cloud computing entities, are considered data processors. In that case, the Argentine Data Protection Law requires a data processing agreement between data processor and data controller. Decree No. 1558/2001 provides that the agreement must:

  • detail the security measures mandated by the Argentine Data Protection Law;
  • include the parties’ confidentiality obligations;
  • establish that the data processor will only act as instructed by the data controller; and
  • establish that the data processor is also bound by the Argentine Data Protection Law’s data security requirements.

The data may only be used for the purpose outlined in the agreement, and may not be assigned. After the data processing has been rendered, the data must be destroyed.

Lastly, in relation to security and confidentiality, the Argentine Data Protection Law states that the data controller and the data processor must adopt the necessary technical and organisational measures to guarantee the protection and confidentiality of the data. DPA Resolution No. 47/2018 approved two sets of recommendations in connection with security measures for the processing and conservation of personal data. One is aimed at computerised data processing, while the other is aimed at non-computerised processing. They include guidelines on measures on collection, access, modification, recovery and destruction of data, as well as on vulnerability management, security incidents and development.

Cloud computing contracts

Types of contract

What forms of cloud computing contract are usually adopted in your jurisdiction, including cloud provider supply chains (if applicable)?

As a rule, cloud computing contracts are generally non-negotiated, and customers may choose from different options. Pay-as-you-go type subscriptions, baseline agreements and PaaS subscriptions are all common. In baseline agreements, the customers are able to estimate the amount of services they expect to require, which allows them to have access to better pricing conditions than those available in pay-as-you-go models.

Overall, provisions contained in cloud services agreements are more or less standardised among different global providers, and tend not to vary greatly.

Typical terms for governing law

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering governing law, jurisdiction, enforceability and cross-border issues, and dispute resolution?

In connection with governing law, some providers establish the law and courts of the country where their headquarters are located. However, providers with local presence may establish the application of Argentine law instead. Dispute resolution terms may differ, and include local courts, foreign courts or arbitration.

Choice of law and jurisdiction clauses may be subject to restrictions if Argentine law applies. For example, under the CCC, disputes arising from consumer agreements cannot be resolved by arbitration.

Typical terms of service

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering material terms, such as commercial terms of service and acceptable use, and variation?

In connection with commercial terms, providers tend to offer a range of various rates and prices for different services. Payment schemes can be either fixed or offer greater flexibility. Prices are usually set in US dollars and converted to Argentine pesos at the exchange rate applicable when issuing the invoice. Most providers allow for payment in US dollars or Argentine pesos.

Acceptable use policy terms usually list behaviours and actions that are considered unacceptable, and state that the provider reserves the right to discontinue the service if the customer engages in these activities. Regarding variations in the terms of service, providers tend to include provisions that allow them to alter the terms and conditions of the services and regulate how notification occurs.

Typical terms covering data protection

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering data and confidentiality considerations?

Cloud computing contracts tend to provide that the service providers will implement security measures to protect their customer’s content and prevent any unauthorised access. In particular, this type of agreements may establish that only the service provider’s employees or contractors will have access to the customer’s content and, only as required, to render the services. Some systems may include the possibility of encrypting certain data, or of replicating data in different servers to ensure access to the content in the event of a system failure.

Typical terms covering liability

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering liability, warranties and provision of service?

Cloud computing services contracts generally contain clauses which limit the provider’s liability. Some of these clauses limit the total liability of the provider for any claim to the amounts paid for the service. Others state that liability is limited to the farthest extent allowed by the applicable laws.

Under the CCC, any provisions that limit liability are invalid if they affect inalienable rights, are against good faith, good customs or imperative laws, or are abusive.

In relation to warranties and provision of services, it is common for agreements to include a clause that states that services are provided ‘as-is’. Conversely, they tend to exclude specific warranties, such as non-interruption of services or freedom from errors. They may, however, include clauses related to a reasonable level of care or diligence.

Typical terms covering IP rights

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering intellectual property rights (IPR) ownership in content and the consequences of infringement of third-party rights?

In connection with IPR ownership of content, cloud computing contracts usually state that the customers’ content belongs exclusively to them, and that the agreement grants the service provider no IPR rights. Any access or use of the content by the service provider is generally restricted to that which is necessary to provide the services.

Moreover, cloud services agreements generally state that the customer is responsible for its content, and must obtain all the necessary consents and ensure that there is no infringement of third-party rights. An infringement of third-party rights could be listed as an action that violates acceptable use. In addition, there could be a limitation of liability or indemnity provision related to IPR claims filed by third parties for customer content.

Typical terms covering termination

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering termination?

Considering that, in the case of B2B cloud computing, the services provided may be important for the customer to be able to continue its ordinary business, the terms of a cloud contract may include provisions that aim to regulate the transition to another service provider or the migration of data.

Regarding termination, contracts usually state that either party may terminate the cloud services agreement due to non-compliance of the other party. From the standpoint of the service provider, a customer infringement could include lack of payment, violation of the acceptable use provision or infringement of third-party rights. There may also be a unilateral right to terminate the contract for both parties, after a certain prior notice has been granted.

Employment law considerations

Identify any labour and employment law considerations that apply specifically to cloud computing in your jurisdiction.

There are no labour or employment law considerations that specifically apply to cloud computing. As a result, general principles and provisions set forth in international treaties, the Argentine National Constitution, the Labour Contract Law No. 20,744, collective bargaining agreements, case law and any other labour regulations could be applicable.

These general principles include the employer’s ability to organise the company economically and technically, and the control over the worker’s activity and working conditions. A corporate policy on electronic communications and tools in the workplace could be considered among those instructions. In turn, employees’ compliance with the policy could be regarded as part of the duty of due diligence and cooperation. A case-by-case analysis, though, is key to confirming this rule as applicable to specific facts.

During the past few years, labour case law has been developing an increasing broad concept of working tools, which have included not only a corporate email account, but also information technologies, computers, software, internet access and internet use, among others.

As a result, case law and most legal authors agree that corporate email and other communication tools should be deemed as work tools and, thus, the employer should be authorised to duly control its use. Nevertheless, taking into account that the situation is doubtful and has no specific legal framework, it is of high relevance that monitoring of any kind over the employee’s electronic communications and devices is performed with extreme caution, as the existence of potential claims cannot be ruled out. The chances of an employer’s success in the event of a claim for such unilateral email control would be higher, yet with no result guaranteed, if there is a specific policy regarding terms and conditions for use of the electronic communications and devices, duly notified to the employees in writing. This provides employees with a hard copy of the internal policy applying to the employees in Spanish, or two languages, and the employer should have them sign an acknowledgement of receipt and acceptance of its terms and conditions in wet ink signature that, among other aspects, would be convenient to expressly indicate:

  • how to use email accounts provided by the company;
  • that the employer is entitled to regularly check and monitor such email accounts and there shall be no expectation of privacy; and
  • that any breach to the employer’s policies could lead to the applicable sanctions.

Taxation

Applicable tax rules

Outline the taxation rules that apply to the establishment and operation of cloud computing companies in your jurisdiction.

Any company performing activities in Argentina will be subject to the general tax regime. In addition, if the company complies with the requirements set forth in the Software Law (which will remain in effect until 1 December 2019) and/or the Promotion Regime of Knowledge Economy Law (which will become effective as of 1 January 2020 and will be valid until 1 December 2029) to qualify for this promotion regime, it may also benefit (see question 7).

Indirect taxes

Outline the indirect taxes imposed in your jurisdiction that apply to the provision from within, or importing of cloud computing services from outside, your jurisdiction.

In relation to VAT, this tax applies, among other things, to the provision of services rendered within Argentina. The current general rate for this tax is 21 per cent. However, in cases where the services are rendered in Argentina but effectively used or exploited abroad, they would be deemed as rendered abroad and, therefore, would not be subject to VAT.

A recent amendment to the VAT Law introduced a new taxable event related to the provision of digital services by an individual or company domiciled abroad when its use or effective exploitation is carried out in Argentina, as long as the customer is not subject to the tax for other taxable events and does not assume the status of a registered taxpayer.

The VAT Law also includes a definition of digital services, which are understood, regardless of the device used for download, display or use, as those carried out through the internet or any adaptation or application of protocols, platforms or technology used by the internet or other networks through which equivalent services are provided that, by their nature, are basically computerised and require minimum human intervention. The tax resulting as a consequence of the provision of digital services is paid by the customer directly or through a reverse withholding mechanism.

Recent cases

Notable cases

Identify and give details of any notable cases, or commercial, private, administrative or regulatory determinations within the past three years in your jurisdiction that have directly involved cloud computing as a business model.

The EU’s General Data Protection Regulation (GDPR) may have an impact on the provision of cloud computing services in Argentina, since the most important service providers are global companies. In this context, and taking into account that the GDPR has extraterritorial application in some instances, its existence may translate in practice to a higher common standard in data protection matters.

Also, as already mentioned, the regulation issued by the Argentine Central Bank in November 2017 allowing financial entities - among others - to hire from third parties those information technology services listed by the Central Bank, has been seen as a step forward in fostering cloud services in the financial sector.

Update and trends

Key developments of the past year

What are the main challenges facing cloud computing within, from or to your jurisdiction? Are there any draft laws or legislative initiatives specific to cloud computing that are being developed or are contemplated?

Key developments of the past year27 What are the main challenges facing cloud computing within, from or to your jurisdiction? Are there any draft laws or legislative initiatives specific to cloud computing that are being developed or are contemplated?

There are currently no draft laws that refer specifically to cloud computing.

Furthermore, in 2018, the Argentine Executive Branch introduced before Congress a bill intended to replace the Argentine Data Protection Law (the Data Protection Bill). The Data Protection Bill is generally in line with many approaches proposed by the European General Data Protection Regulation (GDPR). The Data Protection Bill includes several aspects relevant to cloud computing. Among other things, it:

  • limits the concept of data subject to natural persons and excludes legal entities;
  • revisits general concepts included in the current Argentine Data Protection Law, such as databases, personal data and sensitive data, and it incorporates new ones;
  • includes accountability obligations and eliminates the requirement of registering databases with the DPA;
  • establishes that the legal basis for the processing of personal data is still the data subject’s express consent, although under specific circumstances, consent can be given implicitly, with the addition of the data processor’s legitimate interest as a new legal basis;
  • expressly acknowledges the right to be forgotten and the right to data portability;
  • includes an obligation to notify of data breaches in certain cases;
  • includes an obligation to appoint a data protection officer in public agencies, big data operations, and when the processing of sensitive data is a principal activity; and
  • mandates the enactment of an impact analysis when the data processor intends to treat personal data in such a way that there is a high risk of affecting fundamental data subject rights.