Latest developments on Technology and data protection
By Mariano Peruzzotti and Candela Basilotta
| Amendments to the National Genetic Data Registry related to sexual offenses On October 14, 2024, Law No. 27,759 was published in the Official Gazette. This law amends Law No. 26,879 that created the National Registry of Genetic Data related to Sexual Offenses (“Registry”). Key changes introduced by Law No. 27,759 include: Extension of the Registry’s scope: The Registry’s purpose is extended to include locating missing, disappeared, or deceased persons and extends its application to other offenses. Defined subjects for data collection: The law authorizes the collection of genetic profiles from state personnel involved in criminal investigations, the victim’s profile collected at the crime scene with their consent, and any adult who voluntarily offers their genetic profile. Data Subjects’ rights: The rights to access and rectify data are recognized to data subjects and victims are granted the right to remove their genetic profile from the Registry. Application of Convention 108+: The Law rules the application of the Protocol amending the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108+”) to the processing of genetic data stored in the Registry. Creation of the National Commission on genetic profiles: This Commission is established to coordinate, advise, and monitor the implementation and operation of the Registry. Amendment to the Criminal Code: The law introduces a penalty of imprisonment from 6 months to 4 years for unauthorized access, disclosure, insertion, or deletion of data affecting genetic data banks, records, exams, or DNA samples. The full text of Law No. 27,759 can be read in Spanish here. |
| Approval of the Mercosur E-Commerce Agreement On October 21, 2024, the Federal Congress approved the Mercosur E-Commerce Treaty (“Treaty”), originally signed in 2021. The Treaty includes the following commitments: Personal data protection: Parties undertake to adopt or maintain regulations that protect personal data of e-commerce users, implementing adequate security measures, and ensuring an appropriate level of protection for personal data transferred from another party. Unsolicited commercial communications: The Treaty prohibits the sending of unsolicited direct commercial communications to consumers without their consent. However, if consumer contact information is obtained in a sales context, it is permissible to send direct commercial communications on similar products or services, in accordance with local regulations. The full text of the Agreement can be read in Spanish here. |
| Argentina’s position on age verification in digital environments The Agency for Access to Public Information, together with data protection authorities from Canada, the Philippines, Gibraltar, Mexico and the United Kingdom, issued a joint statement on age verification (“Statement”). The Statement was adopted within the framework of the International Working Group on Age Verification, established in 2022 by the UK Information Commissioner’s Office to enable global supervisory authorities to share information and experiences related to age verification methods. The Statement highlights the importance of ensuring that methods used to verify a user’s age in a digital environment follows the principles of transparency, data minimization, lawfulness, and the best interests of the child. Providers, including those offering age verification services, must determine with reasonable certainty whether children or adolescents are likely to access their platform or website. Based on this determination, providers must implement effective age verification methods, evaluating and documenting potential risks posed to users. Such risks should be weighed against the child’s best interests, including their rights to access information online and to be protected from harmful content. Additionally, the Statement specifies that providers may not rely solely on self-declared age, as this method is easily bypassed, except where there is minimal or no risk to children’s personal data. More comprehensive data collection methods may be used where required by regulation or where there is a significant risk to children’s personal data. The full text of the Statement, in English, can be read here. |
| Head of the Agency for Access to Public Information elected as chair of the Committee of Convention 108 On November 15th, at the 47th annual meeting of the Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”), Beatriz Anchorena, head of the Agency for Access to Public Information, was elected chair of the Committee. The Committee is composed of representatives from the 55 countries that adhere to Convention 108, including Argentina. During the meeting, Beatriz Anchorena voiced that one of her goals during her two-year term as chair of the Committee will be to promote the entry into force of the amending protocol of Convention 108, known as Convention 108+. |
For further information please contact mperuzzotti@ojambf.com or cbasilotta@ojambf.com
