Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority pursuant to Data Protection Law No. 25,326, recently published its 2020 Annual Report on the protection of personal data.
Besides the information on the different proceedings carried out by the Agency during this period, the report starts by pointing out that effective January 1, 2021, the head of the Data Protection Authority, Mr. Eduardo Bertoni, resigned as Director without a replacement being nominated yet.
Moreover, the annual report enumerates the administrative files processed and prosecuted by the Agency during 2020, incluing the following:
- 275 administrative files were opened for complaints based on the Data Protection Law, with 13 fines/penalties totalizing ARS 1,226, 305.
- 13,230 documents were incorporated into the Registry of Questioned Identity Documents.
- 10,104 complaints related to the National Do Not Call Registry (which resulted in the initiation of 17 new filings) were received.
- 1,170 data controllers were registered with the national registry, while 2,362 databases were registered (2,278 private and 84 public).
- 3 different reports were drafted on Argentina’s adequacy to meet GDPR standards.
- 2 reports were prepared and filed with the Council of Europe on measures aimed at facilitating the entry into force of Convention 108.
- 10 spontaneous investigations were conducted (one of which was confidential), among which the one required by the Undersecretaries of Open Government and Digital Country and Public Innovation, stands, regarding the CuidAR app (the federal government’s COVID-19 app; more information about the CuidAR app here).
Moreover, the annual report states that because of the COVID-19 pandemic, the Agency issued 3 guidelines with information regarding:
- Processing of personal data during the COVID-19 pandemic.
- Processing of personal data in the use of geolocation tools.
- Processing of personal data and temperature checks.
Additionally, as indicated in the 2019 Annual Report (more information here), the Agency completed its projects on:
- New inspection procedure [the Agency approved Regulation No. 332/2020 with new inspection proceedings on personal data matters as well as legal and technical guidelines to be followed in those inspections].
- Binational Guide on Data Protection Impact Assessment (mechanism devised together with the data protection authority of Uruguay) [the Agency approved the Data Protection Impact Assessment Guidelines].
Lastly, the annual report states that, during this period, the Agency received 10,104 complaints in connection with the Do Not Call Registry and imposed monetary sanctions worth ARS 93,035,100 (approximately USD 1, 000,000).
Article provided by: Diego Fernandez (Marval O’Farrell Mairal, Argentina)
Dr. Tobias Höllwarth (Managing Director INPLP)