Lexology GTDT Market Intelligence provides a unique perspective on evolving legal and regulatory landscapes. This interview is taken from the Artificial Intelligence volume featuring discussion on various topics including, government national strategy on AI, ethics and human rights, AI-related data protection and privacy issues, trade implications for AI and more, within key jurisdictions worldwide.
1 What is the current state of the law and regulation governing AI in your jurisdiction? How would you compare the level of regulation with that in other jurisdictions?
Argentina does not have a specific regulatory framework for AI, although certain general legislation (for instance regarding torts, contracts, intellectual property or privacy and data protection) may apply. Moreover, some non-binding guidance and local case law have addressed some AI-related issues.
It is worth noting that very little of national legislation (including laws, decrees, resolutions and provisions) refer to AI and that they mostly do so by describing certain activities (involving AI), which the executive branch is seeking to promote through loans, tax incentives and deregulation, or by referring to such activities in their recitals, annexes or as a complementary bibliography.
In this sense, Law No. 27,506 created the ‘Knowledge-Economy Promotional Regime’ and – among the promoted activities – it refers to technologies such as AI and robotics (article 2, (i)). Moreover, Resolution No. 47/2019 refers to ‘Industry 4.0’, covering AI (section b.8) and autonomous machines (section b.4) within the framework of another incentive regime, created by Decree No. 379/2001. Resolution No. 1352/2019 establishes subsidised rate financing for projects involving 4.0 technologies and defines them by referring to AI and big data (section 5). Likewise, from a government perspective, Decree No. 50/2019 highlights the need to promote the use of AI and blockchain within the National Public Administration, entrusting the Undersecretariat of Knowledge for Development with boosting its implementation (annex 2, section III, subsection 15). Another example illustrating the above is given by Decree No. 996/2018, which set forth the basis for an ‘Argentine Digital Agenda’ with the aim of designing guidelines to embrace the development of new technologies in Argentina. Its annex 1 acknowledges the growth of AI and its impact in the way in which we communicate and relate to each other.
Further, various legislation refers to AI in their recitals, in order to account for the existence of new technological realities that give meaning to the proposed regulation. In this sense:
- Resolution No. 111/2019 refers to the new work paradigm given by machine learning and AI tools;
- Decree No. 733/2018 recognises the possibilities of AI for the automation of decisions within the National Public Administration;
- Joint-Resolution No. 1/2019 (which created the Argentine Industry 4.0 Plan) notes that the application of diverse technologies – such as AI – are changing the global value chains in a structural way; and
- Resolution No. 733/2019 (which created the Bureau for Innovation in Insurance and Insurtechs) acknowledges that AI, blockchain and big data are transforming the insurance industry worldwide.
As pointed out, in the absence of a comprehensive legislation, it is necessary to frame the situations that arise due to AI developments using the existing laws, such as the Civil and Commercial Code, the Consumer Protection Law No. 24,240 (CPL) or the Data Protection Law No. 25,326 (DPL), among others.
As an example, in connection with liability, some scholars have suggested that damage that may arise from the use of algorithms should be subject to a strict liability standard based on the inherent risk that they pose. Meanwhile, others have pointed out that producers, manufacturers, importers, distributors and suppliers of AI-based products should be jointly and severally liable for damage caused to consumers (pursuant to articles 2 and 40 of the CPL).
The DPL – while not referring to AI directly – has some implications regarding privacy and data protection in cases involving AI-based systems’ decisions. In fact, according to Resolution No. 4/2019 of the Argentine Agency of Access to Public Information – the controlling authority of the DPL, and which provides guidance criteria for the implementation of the DPL – the data subject has the right to ask the data controller for clear and transparent information regarding the logic used by the AI-based system to reach any decision that is solely based on the automated processing of data and that significantly affects him or her (Criterion No. 2 of Resolution No. 4/2019, according to articles 13, 14 and 15 of the DPL). Regarding the scope of the information to be provided by the data controller, it might be useful to refer to article 29 of the Data Protection Working Party’s Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (as last revised and adopted on 6 February 2018), which suggests providing ‘details of the main characteristics considered in reaching the decision, the source of this information and the relevance’, while ‘not necessarily a complex explanation of the algorithms used or disclosure of the full algorithm’.
Regarding the latter, the Argentine Agency of Access to Public Information has participated – as a member of the executive committee of the Ibero-American Data Protection Network – in two important guidelines: the General Recommendations for the Processing of Personal Data in Artificial Intelligence and the Specific Guidelines for Compliance with the Principles and Rights that Govern the Protection of Personal Data in Artificial Intelligence Projects.
At a regional level, AI is not specifically regulated. However, Chile, Uruguay and Brazil, among others, have already started to plan AI national strategies that are now being subjected to surveys or further analysis, as in Argentina. Similarly, Mexico and Colombia are currently establishing AI policies, as noted by the Inter-American Development Bank’s recent ‘fAIrLAC’ report, as well as the Centre for Technical and Higher Education’s (CeTyS) ‘GuIA’. This same regional pattern can be seen in more specific regulations, such as the ones concerning automated processing of personal data through AI-based systems, which countries such as Argentina and Chile would seek to address with new proposed legislation on data protection. In contrast, countries such as Japan, Estonia or Saudi Arabia experience further development in this area, as shown by the Organisation for Economic Co-operation and Development (OECD) in its ‘National AI initiatives’ list.
As concluded by CeTyS’s GuIA, the South American region still shows a low level of adoption of explicit AI policies, frameworks or strategies compared to North America, Europe and Asia, although it is starting to boost its implementation.
2 Has the government released a national strategy on AI? Are there any national efforts to create data sharing arrangements?
In 2018 Argentina began to devise a national strategy on AI, in line with the Argentine Digital Agenda and the National Strategy for Science, Technology and Innovation, which involved a nine-month consultation period with more than 400 experts and 82 companies through meetings, conferences and creative workshops. Finally, the ‘National Plan for Artificial Intelligence’ (Plan ArgenIA) was officially released at the end of 2019. It was issued by the prior administration and it has not been approved by a resolution, so it serves more as a reference document for the new administration.
Plan ArgenIA proposes a multi-sectoral approach in order to generate the necessary conditions for the development of AI in Argentina, as well as to generate new instruments in the fight against poverty. Likewise, Plan ArgenIA stresses the importance of achieving the UN Sustainable Development Goals by means of AI national strategies.
Among the salient features of Plan ArgenIA, it is worth noting that it seeks to:
- provide mechanisms or processes to meet the needs of modern societies;
- require coordinated work between various sectors, entities and organisations;
- respond to the realities and needs created by the international context, while also embracing priorities established at a local level;
- serve as a framework for scientific-technological evolution and for the insertion of the Argentine industry in world markets; and
- ensure permanent re-examination of the plan, so that it will be updated and improved.
Plan ArgenIA is divided into 11 strategic areas, with respect to which specific goals and objectives are established. These areas are:
- data and public-private convergence;
- supercomputer infrastructure;
- research, development and innovation;
- public sector implementation;
- private sector implementation;
- impact on work;
- ethics and regulation;
- international linkages;
- innovation laboratory; and
- communication and awareness.
Plan ArgenIA also refers to the importance of sharing data and negotiating ‘cooperation agreements’ as being the backbone for the opening of data. In this sense, there is a shared vision – within the region – of the need to promote strategies for the reuse and sharing of data between the public and private sectors. In Argentina, Decree No. 1273/2016 set forth the basis for greater interoperability and data exchange among the National Public Administration. Further, Decree No. 117/2016 – in line with Law No. 27,275 on Access to Public Information – established an open data policy at the National Public Administration, which allowed more than 980 data sets belonging to 33 public organisations to be available to the general public. Furthermore, within the framework of Decree No. 1273/2016, Resolution No. 19/2018 approved the implementation of the Argentine Data Interoperability Platform as a supportive layer of the Electronic Document Management Platform, aiming to enable data sharing between existing data registers.
Last, the Executive Branch released the Guide for the Identification and Use of Interoperable Entities and the Guide for Publishing Data in Open Formats, which, among other things, give a series of recommendations and best practices regarding all these subjects.
3 What is the government policy and strategy for managing the ethical and human rights issues raised by the deployment of AI?
Argentina’s commitment to ethical and human rights considerations can be seen in a wide variety of regulatory frameworks, such as international conventions or local laws that promote the protection of human rights (in general) or in non-binding guides specifically related to ethical concerns raised by AI. Accordingly, the EU High-Level Expert Group on Artificial Intelligence has said that reliable AI cannot be achieved solely through compliance with the law, but that it is necessary to ensure that these systems are subject to ethical principles and values.
First, Argentina is a party to several treaties that regulate a highly relevant human right of late: the right to privacy. Among others, the Universal Declaration of Human Rights (article 12), the International Covenant on Civil and Political Rights (article 17) and the American Convention on Human Rights (article 11) stand out. Moreover, Argentina is a party to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108).
Second, the right to privacy is contemplated in articles 18, 19 and 43 of the Argentine Constitution. In addition, the DPL aims to guarantee the complete protection of personal data contained in databases and the assurance of the right to privacy and access to information.
Further still, on 21 May 2019, Argentina supported the OECD’s Recommendation of the Council on Artificial Intelligence, which urges governments to ‘spur innovation in trustworthy AI that focus on challenging technical issues and on AI-related social, legal and ethical implications’ (article 2.1(a)) and to ‘foster the development of, and access to, a digital ecosystem for trustworthy AI’, in order to ‘support the safe, fair, legal and ethical sharing of data’ (article 2.2). Although this guide is non-binding, it shows Argentina’s nascent commitment to addressing these problems and concerns as related to AI.
Finally, Plan ArgenIA refers to the need to create regulatory strategies on AI that are aligned with human rights and ethical, trustworthy standards. Specifically, Plan ArgenIA highlights the need to create an IA National Observatory and an IA Ethics Committee so as to promote ethical guidelines for the development of AI.
It is interesting to note how, in the absence of mandatory state regulations, certain local companies have started to release their own rules as a way of self-regulation and – naturally – as an opportunity of gaining social trust.
As the Responsible AI Report of the International Technology Law Association remarks, ‘the appropriate solutions must emerge through a cross-disciplinary engagement between governments, AI scientists, social scientists and the public at large’. Argentina seems to be heading in the right direction, but still has a long way to go.
4 What is the government policy and strategy for managing the national security and trade implications of AI? Are there any trade restrictions that may apply to AI-based products?
Plan ArgenIA places special emphasis on cybersecurity when implementing AI. Indeed, cybersecurity is an issue that both the public and private sectors face and that poses constant threats, such as loss of confidential and financial data, disruptions in computer network systems and exposure caused by security breaches.
In 2008, Argentina amended the Criminal Code and made serious cyber actions – such as informatics fraud – punishable crimes. Moreover, Resolution No. 69/2016 created the National Programme to Combat Cybercrimes, aiming to promote the necessary actions to improve the criminal system against the challenges presented by illegal acts committed through computer software tools that may take advantage of AI. Last, Resolution No. 977/2019 established the Federal Plan for the Prevention of Technological Crimes and Cybercrimes, with several projections towards 2023. Argentina is also a party to the Convention on Cybercrime of the Council of Europe adopted in Budapest.
Furthermore, by means of Decree No. 577/2017, the executive branch created a Cybersecurity Committee to develop an Argentine Cybersecurity Strategy. Decree No. 480/2019 also entrusts the Secretariat of Modernisation with the direction of the committee and notes the need to foster cybersecurity-related legislation.
As regards AI’s trade implications, Plan ArgenIA seeks to promote the adoption of AI in existing industries, raising awareness of its potential, as well as its positive impact by improving competitiveness, gaining productivity, optimising the use of resources, reducing costs and maximising efficiency. Similarly, the Special Commission on Artificial Intelligence and Industry and Services, within the framework of the AI Latin American Summit (recently organised by the Massachusetts Institute of Technology, in collaboration with University of Buenos Aires Law School’s IA Lab), indicated that Latin America must continue to develop an ecosystem of economic investment in AI entrepreneurship and to aspire not only to have financial and legal mechanisms, but an adequate focus on AI through specialised funds, public–private initiatives, specific awards, among other things.
In line with this expectation, Law No. 27,506 created a promotional regime to promote AI tools (article 2(i)). Similarly, Decree No. 379/2001 on Capital Goods, Information Technology and Telecommunications, along with Resolution No. 47/2019, also seek to promote investments related to AI by means of an incentive regime.
In addition, Argentina does not have any specific commercial restrictions regarding AI-based products.
5 How are AI-related data protection and privacy issues being addressed? Have these issues affected data sharing arrangements in any way?
There is no doubt that during the past few decades, technological advances have changed the way in which individuals relate to each other and enabled new ways in which privacy can be affected.
AI-based systems may not only involve a large amount of data but, depending on the specific implementation, may depend on it to reach their full potential. This raises the need to ensure that the use of personal information is made in a manner that respects privacy rights. Many have stressed how important it is for developers of AI-based software to respect all applicable privacy and data regulatory frameworks, including international treaties, laws, resolutions and non-binding guidance.
In Argentina, the most comprehensive statutory regulation regarding the protection of personal data is the DPL, in addition to Convention 108 and Convention 108+ (which has not yet been ratified by the National Congress). The general principle under the DPL is that consent must be given by a data subject for their personal data to be processed. This consent must be prior, given freely, based upon the information previously provided (informed) and expressed in writing or by equivalent means. Furthermore, the data subject has the right to access any database containing his or her personal data and request information in connection with that data, which may raise requests about how the AI-based software carried out the recollection of its personal data, in view of the fact that technological changes have made it possible to automate data processing and that this could entail risks for the individual.
In that regard, Resolution No. 4/2019 – which provides guiding criteria and indicators of best practices in the implementation of the DPL – states, when regulating the scope of the right of access (article 15, DPL), that if the data controller make decisions based solely on the automated processing of data, producing legal effects concerning the data subject or significantly affecting him or her, the data subject shall have the right to request from the data controller an explanation of the logic applied in those decisions.
In 2018, the Argentine executive branch introduced before the National Congress a bill intended to replace the entire DPL. This bill was generally in line with many approaches proposed by the EU General Data Protection Regulation. Even though it lost parliamentary status, it is very likely that a new and similar bill could be filed in the near future.
This bill provided that the data subject has the right to request and obtain access to data on him or her that is being processed, with references to the existence of automated decisions, as well as meaningful information about the logic involved in the system (presumably AI-driven), without affecting the intellectual property rights of the data controller (articles 27 and 28(h)). Furthermore, the bill established that the data subject has the right to object to a decision based solely on the automated processing of data, which produces legal effects concerning the data subject or significantly affects him or her, unless the controller demonstrates compelling legitimate grounds for the processing (ie, when necessary for entering into, or performance of, a contract between the data subject and a data controller, is authorised by law, or is based on the data subject’s explicit consent) (article 32). Finally, the bill required data protection impact assessments to be carried in cases of systematic and extensive evaluation of personal aspects relating to data subjects, based on automated data processing, and on which decisions that produce legal effects concerning – or significantly affecting – data subjects are grounded (article 40).
Moreover, the Ibero–American Data Protection Network’s General Recommendations for the Processing of Personal Data in Artificial Intelligence and Specific Guidelines for Compliance with the Principles and Rights that Govern the Protection of Personal Data in Artificial Intelligence Projects can serve as interesting complementary rules to the above.
Further, Resolution No. 11/2017 created the ‘Big Data National Observatory’ (which awaits further regulations), which aims to study the regulatory framework for the use of personal data, to promote good practice guidelines regarding big data and to propose new regulations.
Finally, data sharing arrangements are not subject to a particular treatment as a result of AI, but to general concerns such as privacy, data integrity, sensitive information and confidentiality.
Furthermore, international transfer of personal data is forbidden under the DPL if the receiving country – or international organisation – does not grant an appropriate level of protection according to the Agency of Access to Public Information’s criteria, unless the data subject has expressly granted its consent or an international transfer agreement or self-regulating mechanism is in place. This restriction does not apply in certain circumstances (eg, international judicial collaboration, transfer of data pursuant to international treaties, among other things).
In this regard, Resolution No. 60 - E/2016 and Resolution No. 34/2019 establish that personal data can be transferred with no further safeguards to member states of the European Union and the European Economic Area, as well as Switzerland, Guernsey and Jersey, New Zealand, Uruguay, Israel and UK, among others.
6 How are government authorities enforcing and monitoring compliance with AI legislation, regulations and practice guidance? Which entities are issuing and enforcing regulations, strategies and frameworks with respect to AI?
In the current legislative context, the Argentine Agency of Access to Public Information plays a fundamental role for the protection of personal data that may be involved in AI-based software.
In this, the Agency of Access to Public Information is charged with enforcing the DPL. In the event of an infringement, it may apply certain penalties, ranging from observation or suspension, to business closure, cancellation of the database or monetary fines.
Plan ArgenIA states that with the creation of the IA National Observatory and the IA Ethics Committee, both bodies should cooperate with the Agency of Access to Public Information in issuing new regulations regarding the processing of personal data, controlling compliance with the requirements that must be met by those responsible for – and in charge of – data processing, and imposing sanctions for violations of the DPL.
7 Has your jurisdiction participated in any international frameworks for AI?
Argentina has participated in certain international frameworks for AI, as noted in question 5 regarding the Ibero–American Data Protection Network’s General Recommendations for the Processing of Personal Data in Artificial Intelligence and Specific Guidelines for Compliance with the Principles and Rights that Govern the Protection of Personal Data in Artificial Intelligence Projects; or the OECD’s Recommendation of the Council on Artificial Intelligence, which Argentina supported.
Moreover, at a regional level, Argentina has also participated through the Southern Common Market’s parliament in the 108th International Labour Conference in the city of Geneva, Switzerland, where the International Labour Organization’s ‘Centennial Declaration on the Future of Work’ was finally promulgated by the Plenary Session of the International Labour Conference. This was the result of years of debate around the impact of new technologies, robotics and AI in the world of work.
8 What have been the most noteworthy AI-related developments over the past year in your jurisdiction?
Argentina has numerous projects that verify the growing development of AI in the country, most originating in the private sector. One of them, which converges AI and law, is Prometea: an AI-based system created by the Public Prosecutor’s Office of the City of Buenos Aires and the innovation and artificial intelligence laboratory of the University of Buenos Aires’s school of law. Although Prometea was first devised to optimise the judicial system, it was later implemented in other activities and organisations. As per Prometea’s developers, it can predict the solution to certain housing, education or work cases in less than 20 seconds, with a 96 per cent success rate. Prometea’s potential has drawn interest from multiple international organisations, such as the United Nations, the Organization of American States and the Inter-American Court of Human Rights.
Likewise, since 2018, Marval O’Farrell Mairal has in place an AI-based system called ‘Marval ia’, originally developed to answer labour complaints in massive solidarity cases and predict outcomes of labour case law. We are committed to further expand Marval ia’s horizons, to promote innovative ways to provide efficient legal services.
9 Which industry sectors have seen the most development in AI-based products and services in your jurisdiction?
According to Endeavor Global, Inc, the industries that have developed the most AI-based products or services are enterprise software, healthcare and media. Furthermore, the agricultural sector, a historical engine of the Argentine economy (accounting for approximately 40 per cent of the country’s total exports), also boosts implementation of AI-based products for monitoring fields, predicting climate and having real-time statistics to develop more effective production. Similarly, Plan ArgenIA remarks that industries such as health, agriculture, finance and tourism are being benefited by the adoption of AI-based technologies.
10 Are there any pending or proposed legislative or regulatory initiatives in relation to AI?
There are two main AI national legislative initiatives presented before the National Congress.
In 2019, a bill was presented before the House of Representatives for the creation of a Federal Council for AI, to promote the investigation of AI, carry out awareness campaigns regarding the risks of technology (particularly regarding ethical issues and its non-neutrality), develop best practice guidelines and promote the use of open source in new technologies. Similarly, a bill presented before the Senate in 2018 encourages the creation of a Federal Council of Robotics. Among the recitals of the bill, it refers to the advances of AI and alludes to the Three Laws of Robotics of Isaac Asimov. This legislative trend can be assimilated to other existing regulations, such as Resolution No. 11/2017, which created the Big Data National Observatory (as mentioned in question 5, which awaits further regulations).
11 What best practices would you recommend to assess and manage risks arising in the deployment of AI?
To manage risks from AI, it is worth looking at existing frameworks such as the EU’s Ethics Guidelines for Trustworthy Artificial Intelligence (in particular, its seven key requirements that AI systems should meet in order to be deemed trustworthy: human agency and oversight, technical robustness and safety, privacy and data governance, transparency, diversity, non-discrimination and fairness, societal and environmental well-being and accountability); or the OECD’s Recommendation of the Council on Artificial Intelligence.
In particular, when launching AI-based software to the web, it is advisable to carry out data protection impact assessments, to adopt methods that uphold data protection without affecting data sets, to consider interpretability as well as the possibility of audits and to try to avoid or reduce ‘black box’ issues and encourage multidisciplinary approaches.
The Inside Track
What skills and experiences have helped you to navigate AI issues as a lawyer?
Ever since I was young, I have been very curious about technology. I think this pushed me to question conservative approaches generally, keep an open mind and embrace the new realities brought about by technology in general and in AI.
In order to address the challenges that AI poses to privacy and data protection, my experience has allowed me to understand the needs of data controllers, as well as the concerns of data subjects, leading me to seek a balance of these – somehow conflicting – points, to prevent and avoid legal issues.
Which areas of AI development are you most excited about and which do you think will offer the greatest opportunities?
I think AI-based solutions (ie, predictive analytics) will be able to tackle most routine work, giving us the possibility of focusing on more challenging legal tasks.
Further, my natural passion for technology makes me very excited for future AI developments within my own firm. I look forward to expanding our platforms, and seeing where it leads us.
Lastly, I have great confidence in what AI can do to eradicate current deadly diseases.
What do you see as the greatest challenges facing both developers and society as a whole in relation to the deployment of AI?
The lack of explanation from most complex AI-based systems (namely, ‘black box’) and the projection of human biases in others seems to provide some of the greatest challenges these days. However, multi-sectoral work, ethics and diversity need to be projected in AI advances to ensure prosperous human development.