The Agency of Access to Public Information issued Resolution 240/2022, modifying the regime and ranking of sanctions for not complying with the Personal Data Protection Law No. 25326, considering the technological transformations and the development of the digital economy may further promote violations to the right to protection of personal data and privacy.
On the other hand, the Resolution maintains the Registry of Infringers created by Law No. 25326. The main purpose of this Registry is to gather background information for evaluating the amounts established as sanctions, especially if the same infringement is repeated.
Regarding the ranking of sanctions, the amendments are:
- Minor infringement: up to 2 warnings and/or a fine of AR$ 1,000 to AR$ 80,000.
- Major infringement: up to 4 warnings, suspension from 1 to 30 days, and/or a fine from AR$ 80,001 to AR$ 90,000.
- Extreme infringement: up to 6 warnings; suspension from 31 to 365 days; closure or cancellation of the file, registry, or data bank; and/or a fine from AR$ 90,001 to AR$ 100,000.
Further, the Resolution No. 244/2022 limits the fines applicable to several infringements included in the same administrative procedure to: (i) AR$ 3,000,000 for minor infringements, (ii) AR$ 10,000,000 for major infringements, and (iii) AR$ 15,000,000 for extreme infringements.
Article provided by INPLP member: Diego Fernandez (Marval O’Farrell Mairal, Argentina)
Dr. Tobias Höllwarth (Managing Director INPLP)