Skip to main content

Argentina - Changes in the Classification and Ranking for Infringements to the Personal Data Protection Law

|

Trough Resolutions No. 240/2022 and 244/2022 the Agency for Access to Public Information through Resolutions No. 240/2022 and 244/2022 amended the classification and amounts provided by Provision No. 7/2005 and E 71/2016 of the Argentine Direction for the Protection of Personal Data.

The Agency of Access to Public Information issued Resolution 240/2022, modifying the regime and ranking of sanctions for not complying with the Personal Data Protection Law No. 25326, considering the technological transformations and the development of the digital economy may further promote violations to the right to protection of personal data and privacy.

The changes include a re-classification of infringements. One example of "very severe" infringement is collecting and processing sensitive data without the consent of the data subject, without reasons of general interest authorized by law, or without processing the data for statistical or scientific purposes properly anonymizing it (Provision No. 7/2005 referred to pseudo-anonymization). The Resolution also considers as "very severe" infringement the fact that for the data controller processing personal data on the Internet fail to inform in their privacy policy, its legal address, and any other data necessary to identify them.

On the other hand, the Resolution maintains the Registry of Infringers created by Law No. 25326. The main purpose of this Registry is to gather background information for evaluating the amounts established as sanctions, especially if the same infringement is repeated.

Regarding the ranking of sanctions, the amendments are:

  • Minor infringement: up to 2 warnings and/or a fine of AR$ 1,000 to AR$ 80,000.
  • Major infringement: up to 4 warnings, suspension from 1 to 30 days, and/or a fine from AR$ 80,001 to AR$ 90,000.
  • Extreme infringement: up to 6 warnings; suspension from 31 to 365 days; closure or cancellation of the file, registry, or data bank; and/or a fine from AR$ 90,001 to AR$ 100,000.

Further, the Resolution No. 244/2022 limits the fines applicable to several infringements included in the same administrative procedure to: (i) AR$ 3,000,000 for minor infringements, (ii) AR$ 10,000,000 for major infringements, and (iii) AR$ 15,000,000 for extreme infringements.

 

Article provided by INPLP member: Diego Fernandez (Marval O’Farrell Mairal, Argentina)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}