What is a Privacy Policy?
What is a privacy policy?
Create a tailored Privacy Policy, Terms & more in under 5 minutes.
Argentina is doubling down on its commitment to safeguarding personal data. With the upcoming Draft Law on Personal Data Protection. If approved, the new bill will take effect six (6) months after publication in the official journal. However, the new penalties will become effective immediately after the law is published.
In this article, we will delve into the significance of the draft law, checking key differences with the current legislation and insights into what it means for data protection in Argentina.
Enacted in October 2000, the Personal Data Protection Act (PDPA), officially known as Ley de Protección de los Datos Personales or Law 25.326, serves as Argentina’s principal data privacy law. It establishes rules and guidelines governing the processing of personal data within the country’s borders. With its inception, Argentina positioned itself as a frontrunner in data protection in Latin America, earning recognition for its alignment with the EU’s General Data Protection Regulation (GDPR). However, after rounds of resolutions and failed attempts at reform, the Draft Law will be poised to revamp Argentina’s data protection.
To understand Argentina’s data protection landscape effectively, it’s important to know the key definitions and the scope of the PDPA. The law defines:
Under the PDPA, compliance obligations extend to all organizations processing personal data within Argentina’s territory. While the current law doesn’t explicitly address extraterritorial application, the proposed reforms broaden its scope to include businesses outside Argentina that process data of Argentine residents or offer goods/services within the country.
While the PDPA laid a solid foundation for data protection, the rapid evolution of technology and global privacy standards necessitated updates. Recognizing this need, Argentina’s data protection authority, the Agency for Access to Public Information (AAIP), initiated a reform process in 2022. The proposed reforms, encapsulated in a new bill, aim to modernize Argentina’s data protection framework, aligning it more closely with contemporary privacy norms.
The Draft Law introduces several innovative provisions, including expanded rights for data subjects, privacy by design and by default principles, and enhanced penalties for non-compliance. If enacted, these reforms would usher in a new era of data protection in Argentina, ensuring greater accountability and transparency in personal data processing.
The PDPA grants consumers a suite of rights to exert control over their personal data. These rights include the ability to access, update, and delete their data, as well as object to certain processing activities. The proposed reforms seek to enhance these rights further, empowering data subjects with additional avenues for recourse against data misuse.
For businesses, compliance with the PDPA entails a series of obligations aimed at ensuring responsible data-handling practices. These include obtaining lawful bases for data processing, maintaining transparent privacy policies, implementing privacy by design principles, and appointing data protection officers where necessary. Conducting privacy impact assessments and adhering to data breach notification requirements are also integral components of compliance efforts.
For EU Small and Medium-sized Enterprises (SMEs), the Draft Law heralds both challenges and opportunities:
Effective enforcement mechanisms are vital to uphold the integrity of data protection laws. In Argentina, the AAIP assumes the role of enforcing the PDPA and overseeing compliance. The authority employs a tiered approach to penalties, tailoring sanctions to the severity of violations. Penalties for non-compliance may range from warnings and fines to suspension of data processing activities or shutdown of databases.
Scope and Applicability
Notification Requirements
Fines and Penalties
Response Time to Data Requests
Minimum Age for Data Processing
Rights to Erasure and Object
These differences highlight the evolving landscape of data protection regulations and the efforts to modernize and align privacy laws with international standards.
Argentina’s Draft Law represents a significant step towards aligning its data protection standards with global norms. For EU SMEs, embracing this change requires proactive adjustment, careful adherence, and a dedication to maintaining high standards of data protection. By understanding the intricacies of the Draft Law, EU SMEs can contribute to building a secure, transparent, and mutually beneficial digital landscape in Argentina.
As the Draft Law advances, staying informed about legislative updates and promoting a culture of data protection awareness will be essential for EU SMEs aiming to thrive in the Argentine market.
GetTerms can simplify the complicated task of compliance and allow you to get back to business by addressing multiple items on your compliance checklist, including a cookie policy tailored to your business needs and generating cookie consent banners, we can help. Please take advantage of our services today. Create an account and get started in 5 minutes.