Bulletin on Data Privacy & New Technologies | July 2021
Selection of legal news related to data privacy, data protection, and new technologies in Argentina
Regulations
Data Privacy
Sensitive Data: Regulation No. 2/2021 – Superintendence of Health Services (“SSS”)
On February 4th, 2021, Regulation No. 2/2021 of the Superintendence of Health Services was published in the Official Gazette, declaring as sensitive the personal data contained in the forms with the details of the beneficiaries with HIV infection who received benefits from the Health Insurance Agents that the latter must submit in accordance with the provisions of Resolution No. 123/21 of the SSS (Protocol of exception for the recovery of benefits to beneficiaries with HIV infection) declaring all the information contained in the refereed proceedings to be classified as private-confidential. Click here to access the full text of the regulation.
Resolution No. 332/2020: Guidelines for audits by the Agency for Access to Public Information (“AAPI”)
On 31 December 2020, Resolution No. 332/2020 of the Agency for Access to Public Information (“AAPI”) was published in the Official Gazette, approving the guidelines for personal data audits (the “Guidelines for Audits”), the purpose of which is to establish guidelines and procedures for inspections in order to assess the degree of compliance with the regulations in force on the protection of personal data. Read more
Cybersecurity
Creation of the Cert.ar: National Cybersecurity Directorate, Regulation N°1/2021
On 22 February 2021, Regulation No. 1/2021 of the National Cybersecurity Directorate was published in the Official Gazette, derogating Regulation No. 2/2013 of the National Office of Information Technologies and creating the National Computer Incident Response Centre (“CERT.ar.” by its Spanish acronym), with the purpose of coordinating the management of security incidents at the national level and providing assistance in those affecting the entities and jurisdictions of the national public sector and Critical Information Infrastructures, declared as such. Read more
Case Law
Habeas Data – Federal Jurisdiction – Database interconnected with the computer file system of the Central Bank of the Argentine Republic
“Romero, Fernando Felix v. Coppel S.A.”, Federal Court of Appeals in Civil and Commercial Matters, Division II, Case No. 7504/2020, 1st March 2021.
Fernando Félix Romero filed a habeas data lawsuit against Coppel S.A. in order to request the company to provide him with the information it had on its database about him, inform about the origin and destination of that information and explain whether it had been transferred to third parties. Also, Mr. Romero requested information as to whether he had been informed as a debtor and/or defaulter in its records and requested that, in the event of error or inaccuracy in the stored information, this information be rectified and/or deleted. Read more
Habeas Data – Ordinary Jurisdiction – Information not contained in a database accessible via the Internet
“D. F., D. A. v. Paktar SRL”, Federal Court of Appeals in Civil and Commercial Matters, Division III, 30 December 2020. The plaintiff brought the habeas data lawsuit regulated in Section 43 of the National Constitution and in Law No. 25,326 on the Protection of Personal Data against Paktar SRL in order to find out what information was held about him in its database and, in particular, whether he was registered as a debtor and, if so, of what obligations; whether the data had been transferred to third parties; what products and services were registered or contracted in his name; and in the event that errors or inaccuracies were found, he claimed the relevant rectification and/or deletion. Read more
Right to privacy – Precautionary measure – Proceedings – View from a gender perspective
“P., L. B. v. P., G. A.”, National Court of First Instance in Civil Matters No. 38, 26 October 2020. On 26 October 2020, the National Civil Court of First Instance No. 38 granted an injunction to prohibit the defendant from disseminating, revealing, showing, or exhibiting, in any media, videos of an intimate or sexual nature in which the plaintiff appear, in the understanding that these videos precisely identify forms of express gender-based violence protected by Law No. 26,485. On the facts, the plaintiff claimed that after having an intimate encounter with the defendant, she discovered that he had videoed her without her consent and that he kept videos of that moment. Therefore, in order to prevent the defendant from disseminating this material, she initiated the precautionary measure. Read more
Refusal to annul a sanction filed by the National Directorate for the Protection of Personal Data – Unlawful processing of personal data through commercial reports
“Open Discovery S.A. v. EN M° Justicia”, Federal Contentious-Administrative Court No. 8, 15 of October 2020. The company Open Discovery S.A., which provides commercial and location reports of individuals, filed a lawsuit against the National State in order to obtain a declaration of nullity of the Decision of 22 April 2009 issued by the National Directorate for the Protection of Personal Data (“NDPPD”), alleging that it was invalid on the grounds that the essential elements of the administrative act were flawed. Read more
Habeas data – Right to honor – Information that relates a psychologist to the suicide of a person – Possible public interest
“D. C., G. M. v. Google Inc.”, Federal Court of Appeals in Civil and Commercial Matters, Division II, 8 October 2020. A psychologist filed a habeas data interim injunction against Google with the aim of ordering it to remove his personal data from the files, records, and/or databases it manages, alleging that when his name and surname are searched, “information appears where [he] is unjustly accused as the main responsible for the unfortunate death of Ms. G., which is extremely harmful due to its falsehood…”. Read more
Right to honor vs. Freedom of expression – Precautionary measure – Rejection – Activity protected by freedom of expression
R.A.J. v. Facebook Argentina SRL s/ Amparo”, Federal Court of Appeals in Civil and Commercial Matters, Division I, 16 September 2020. On 16 September 2020, the Federal Court of Appeals in Civil and Commercial Matters dismissed the lawsuit filed by the plaintiff, which had requested an injunction against Facebook Argentina SRL to order the social network to block or remove the content posted on three user-profiles and, in turn, to order Facebook Argentina to remove any links to pages in which it is alleged to have committed acts of gender-based violence. Among the grounds of the judgment, the Court understood that, although the matter raised by the plaintiff involves two essential interests (freedom of expression and personal rights), the judicial doctrine of the Supreme Court of Justice of the Nation has understood that the right to express opinions through the internet encourages freedom of expression both in its individual and collective dimension. In this sense, it has been understood that State and judicial intervention must be particularly careful not to affect the right to free expression. Read more
Right to Image – Minors – Absence of public relevance in the broadcast
T., A. B. v. Arte Televisivo Argentino y Others”, National Court of Appeals in Civil Matters, Division M, 14 August 2020. On 14 August 2020, the National Court of Appeals in Civil Matters upheld the ruling that condemned a television channel for exposing in a news channel the image and details of a child who was the victim, together with his mother, of a hostage-taking. In this regard, the Court ruled that in order to verify whether the news is really of public relevance, it must be assessed if it is in fact of general interest (exception provided for in Section 31 of Law No. 11,723) and, therefore, if the information is of relevance to the community. Only in that case will it prevail over the individual interest and can it be validly invoked as a cause of justification for the disturbance and inconvenience caused to the affected party. To this effect, the Court considered that the context in which the interview with the minor took place prevents it from being included in the framework of news items that limit the right to self-determination of personal property since the interview with the child is not related to the public interest of the news story. All this, understanding that the image of the minor was unnecessarily exhibited, making his face visible, calling him by his name, and mentioning his mother’s name, events that are in breach of the Convention on the Rights of the Child and Section 22 of Law No. 26,061. Read more
Judicial recognition of the right to be forgotten – Coppola Case
“Denegri, Natalia Ruth v. Google Inc.”, National Court of Appeals in Civil Matters No. 78, Division H, 10 August 2020. On 10 August 2020, Division H of the National Court of Appeals in Civil Matters upheld the first instance ruling ordering Google to remove the link from its search engines and YouTube platform related to Natalia Denegri and the Coppola Case – which had an important media impact in the 1990s – and “any possible image or video, obtained twenty years ago or more”. Natalia Denegri requested the application of the “right to be forgotten” for the removal from the Google search engine of certain publications related to events that took place 24 years ago on the grounds that they affected her personal rights (honor and privacy), which should prevail over the right to information derived from those events, as they were old, harmful, unnecessary and irrelevant to the public opinion. In answering the complaint, Google rejected the claim, arguing that Denegri was involved “in events of undeniable public interest that the public has a right to know about and have available”. Read more
News
Blockchain: Argentine advertising agency certifies campaign for Oreo on the Ethereum blockchain
Source: CRIPTONOTICIAS Argentina-based ad agency Kickads is taking Oreo biscuits to the Ethereum blockchain with its new strategy of certifying online ad campaigns. Kickads partnered with Spanish startup Adwatch, which is dedicated to certifying digital advertising on the blockchain, to “boost the transparency and sustainability of the online advertising ecosystem”. Read more
Access to Public Information Agency (“AAPI”) republished some tips for more secure video calls
The Agency for Access to Public Information (“AAPI”) reissued the following recommendations to keep in mind every time we log on to a platform to make or participate in a video call that had been published on 8 April 2020 on its website: • Read the privacy policies and terms and conditions of the mobile apps or platforms you are going to use. Companies should ask for your consent to process your personal data and it should be in writing or other similar means, in a clear and simple manner. Read more
Personal Data: sanction to the government of San Juan for breach of personal data
The National Directorate for the Protection of Personal Data (“DNPDP”), dependent on the Agency for Access to Public Information (“AAPI”), by Resolution No. 64/2021 (the “Resolution”) sanctioned the Ministry of Health of the province of San Juan for the breach of personal data of 115 thousand people who had applied for a driving license. This information had been exposed online due to a security breach on the website through which the permit was processed, which was disclosed in August 2020. Read more
Artificial Intelligence: proposal for a European Regulation
On 21 April 2021, the European Commission released its proposal for a Regulation containing aligned rules to regulate the development, marketing, and use of artificial intelligence in the European Union. The Regulation applies to “artificial intelligence systems” defined as “software that is developed using one or more of the techniques and approaches listed in Annex I and that, for a given set of human-defined objectives, can generate outputs such as content, predictions, recommendations or decisions that influence the environments with which they interact”. The Regulation will have extraterritorial reach, considering that it will apply to public and private actors, inside and outside the EU, whenever the AI system is placed on the EU market, or its use affect persons established in the EU. It does not apply to private non-professional uses. Read more
Personal Data: Rappi was fined for denying the right of suppression to a user
On 31 March 2021, by Resolution No. 32/2021, the Agency for Access to Public Information (“AAPI”) fined Rappi Arg SAS for non-compliance with the Personal Data Protection Law No. 25,326. The pecuniary sanction of AR$80,000.00 was for not responding in due time and form to a request for the suppression of the user’s personal data. Read more
Personal Data: COVID-19 – Personal data in travel
On 31 March 2021, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a joint statement on the importance of protecting personal data, especially health data, required for domestic and international travel during the COVID-19 pandemic, issuing a series of recommendations for the protection of travelers’ personal data in the context of COVID-19. Through the Joint Statement, the GPA urges governments and other organizations responsible for processing health data for international travel purposes to consider, among others, the following principles, which reflect global data protection principles and practices. Read more
Advertising: Influencers – CONARP: A guide for communication for commercial purposes
The Council for Advertising Self-Regulation (“CONARP” for its acronym in Spanish) published in June 2020 the guide entitled “Influencers: Guide for communication for commercial purposes”, with the aim of providing guidelines and recommendations for companies that decide to hire influencers on social networks. Read more
Draft laws of interest
Abusive Publications on the Internet:
● File S-569/2021: filed on March 29th, 2021. Without Congress treatment.
Bill on the Crime of Persecutory Harassment (Stalking):
● File S-478/2021: Bill that Incorporates Article 149 Quater of the National Criminal Code that Criminalizes Harassment – Filed on March 18th, 2021. Without Congress treatment.
Cybersecurity Institute (INCIBAR):
● File S-30/2021: Bill creating the Argentine Cybersecurity Institute (INCIBAR). Filed on March 1st, 2021. Without Congress treatment.
Personal Data Protection:
● File 6234-D-2020: Personal Data Protection Act – Filed on November 17th, 2020. Without Congress treatment.
● File S-2986/2020: Personal Data Protection Act – Filed on December 9th, 2020. Without Congress treatment.
In general terms, both bills present great similarities with the draft bill drafted by the National Directorate for the Protection of Personal Data called “New version of the draft bill on the Protection of Personal Data” and with the draft bill on the protection of personal data submitted to Congress in 2018 (which lost parliamentary status in 2020). Notwithstanding this, there are some differences between the two bills, which can be found in the definition of the data subject, the age of validity of consent, the functions and responsibilities of the Agency for Access to Public Information, and the amounts of its pecuniary sanctions, the subjects legitimized to initiate collective actions, among others.
● File (S-29/2021): Draft Bill that Guarantees the Right to Suppression as contemplated in Section 16 of Law No. 25,326 – Filed on March 1st, 2021. Without Congress treatment.
● File S-0529/2020: Bill that Amends Law No. 25,326 on Personal Data Protection – Filed on April 3rd, 2020. Without Congress treatment.
Legal Regime for Influencers:
● File S-1358/2020: filed on June 30th, 2020. Without Congress treatment.
Illegal Content Publications on the Internet and Social Networks:
● File S-0848/2020: filed on May 6th, 2020. Without Congress treatment.
Please, do not hesitate to contact us should you require any additional information on these matters.