Argentina Strengthens Data Protection Laws Amid Global Concerns

===========================================================

Introduction

In a bid to bolster its data protection laws, Argentina has ratified Decision 108 of the Council of Europe, as amended, through Law 27,699 in November 2022. This move follows international standards and has been considered adequate by the European Commission.

Personal Data Protection Law (PDPL)

The PDPL, which is Law No. 25,326, provides a comprehensive framework for data protection in Argentina. The law requires companies to implement robust measures to ensure the security and confidentiality of personal data, including the adoption of technical and organizational measures to prevent adulteration, loss, consultation or unauthorized processing.

Key Provisions

• Consent: Companies must obtain explicit consent from individuals before collecting and processing their personal data. This consent must be informed, voluntary, and unambiguous.
• Data Transfer: Personal data may only be transferred to countries that provide adequate protection or with the prior consent of the individual concerned.
• Security Breach Notification: Not specifically required under data protection law, but failure to notify a security breach may have implications for enforcement actions.

Enforcement

The National Directorate of Personal Data Protection (DNPD) is responsible for enforcing the PDPL. The DNPD has the power to impose fines and penalties on companies that violate the law. In addition, court actions may be brought by individuals to seek access to their personal data, correction, suppression, confidentiality or updating.

Implications

Argentina’s strengthened data protection laws reflect a growing global trend towards prioritizing individual privacy and security in the digital age. Companies operating in Argentina must adapt to these new regulations to avoid potential fines and reputational damage.