The National Congress of Argentina (‘Congress’) announced, on 6 December 2018, that it had passed a bill approving Argentina’s accession to the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (‘Convention 108’) and its amending Protocol, with 135 votes in favour, three against and 47 abstentions.
Diego Fernández, Partner at Marval, O’Farrell & Mairal, told DataGuidance, “Argentina’s accession to Convention 108 demonstrates its willingness to be at the forefront of privacy and data protection. It also puts Argentina at the same level as EU Member States and even some Latin American countries, such as Mexico and Uruguay. Argentina has [adequacy] status based on the Data Protection Directive (Directive 95/46/EC), however, it is uncertain if such status would still stand if analysed under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). This is one of the reasons why Argentina is aiming to pass a new law in line with GDPR provisions (‘the Bill’). In the meantime, adhering to Convention 108 is a good first step in that direction and as a practical consequence, [it] should help the Bill pass more smoothly through Congress.”
There is a trend in Latin America to either introduce legislation in connection with data protection, or modernise existing regulations
The Bill, which was sent to Congress for consideration on 20 September 2018, seeks to introduce new provisions on data breach notification, Privacy by Design and Default, processing of data by third parties, Data Protection Impact Assessments, and a requirement for the appointment of a data protection officer.
Fernández concluded, “This is a time in which most nations are strengthening their data protection regulations, and making a careful and balanced analysis in connection with access to personal data by security forces based primarily on national security concerns. There is a trend in Latin America to either introduce legislation in connection with data protection, or modernise existing regulations. In most cases, if not all, countries in the region have been inspired by EU legislation. Furthermore, many Latin American data protection authorities have approved the Ibero-American Data Protection Standards, which also provide for some regulatory uniformity and which generally follow the GDPR provisions.”
PASCALE ARGUINARENA Privacy Analyst