Modifications to the Personal Data Protection Sanction Framework

ARTICLE
Modifications to the Personal Data Protection Sanction Framework

The Argentine Personal Data Protection Authority approved the new catalogue of infringements and the ranking of sanctions applicable for violations to the Argentine Personal Data Protection Law.

February 26, 2015
Modifications to the Personal Data Protection Sanction Framework

On February 19, 2015, the Argentine Personal Data Protection Authority (hereinafter, the “DPA”) enacted Rule No. 9/2015 (hereinafter, the “Rule”), which approves the new catalogue of infringements and the ranking of sanctions applicable for violations to the Argentine Personal Data Protection Law No. 25,326 (hereinafter, the “Law”).

The Rule, published in the Official Gazette on February 24, 2015, includes new conducts to the list of infringements of former Rule No. 7/2005. For instance, violations to the Do Not Call Law (see New Argentine “Do Not Call” Registry in Marval News No. #142 of August 29, 2014) were incorporated to the catalogue of sanctioned conducts.

Moreover, the Rule modifies the previous ranking of sanctions (please see Personal Data Protection: New System of Infringements and Sanctions in Marval News No. #45 of November 30, 2005). Specifically, this new ranking determines that:

  1. minor infringements may be sanctioned with up to 2 warnings, and/or an AR$ 1,000 to AR$ 25,0000 fine;
  2. serious infringements may be sanctioned with up to 4 warnings, 1 to 30 days of suspension of the database and/or an AR$ 25,001 to AR$ 80,000 fine; and
  3. very serious infringements may be sanctioned with up to 6 warnings, 31 to 365 days of suspension, or cancellation of the database and/or an AR$ 80,001 to AR$100,000 fine.

All fines imposed by the DPA must be paid within 10 business days from the date of notification.