Financial Crime World

Argentina Proposes New Bill for Strengthening Data Protection

The government of Argentina has introduced a new bill aimed at enhancing data protection regulations in the country. The proposed legislation seeks to introduce new rules governing international transfers of personal data, ensuring that organizations handling sensitive information comply with robust standards.

Key Principles for International Transfers

To facilitate international transfers, the New Bill outlines three key principles:

  • Adequate levels of data protection: When the destination country provides adequate safeguards for protecting personal data.
  • Appropriate guarantees: When the exporter offers sufficient assurances for the processing and handling of personal data.
  • Exceptions: When specific exceptions apply, such as consent from data subjects or transfer necessary for public interest.

Exceptions for International Transfers

The New Bill lists several exceptions to international transfers:

  • Consent of the data subjects
  • Transfer is necessary for the execution of a contract between the data subjects and the data controller, or for the execution of pre-contractual measures adopted at the data subject’s request
  • Transfer is necessary for reasons of public interest, for the recognition, exercise or defense of a right in a judicial process, or to protect the vital interests of the data subject or other persons when the data subject is physically or legally incapable of giving consent.

Significant Fines and Increased Enforcement Powers

The proposed legislation also includes significant increases in fines, ranging from five to one million mobile units. This translates to a minimum fine amount of ARS 50,000 (approx. $500) and a maximum of ARS 10 billion (approx. $41 million). The New Bill expands the powers of the enforcement authority, which include:

  • Implementing voluntary dispute resolution mechanisms
  • Filing collective habeas data actions
  • Developing strategies for preventing digital violence related to privacy defense and data processing

Organizational Compliance and Internal Assessments

To ensure compliance with the proposed regulations, organizations should conduct an internal assessment of their personal data processing activities. This may involve:

  1. Conducting a Privacy Impact Assessment (PIA) to identify potential risks associated with their data processing activities.
  2. Appointing a Data Protection Officer (DPO) to oversee and ensure compliance with data protection regulations.
  3. Reviewing their databases and ensuring that they are registered with the relevant authorities.
  4. Evaluating their international data transfer activities and ensuring that they comply with the exceptions outlined in the New Bill.

Monitoring Progress of the New Bill

Organizations should remain vigilant about any potential modifications to the provisions of the New Bill as it progresses through the Chamber of Deputies and the Senate. Regular monitoring will help ensure compliance with the evolving regulations and avoid any potential non-compliance issues.