Emergency Decree No. 746/2017 designated the Agency of Access to Public Information as the authority charged with the application of the Data Protection Law.
Article updated on 11/24/2017 according to Decree N° 899/2017
Decree No. 1558/2001, which regulates Data Protection Law No. 25,326, (the “Data Protection Law”) stated that its controlling authority was the National Directorate of Data Protection (the “Directorate”). The Directorate is part of the National Department of Justice and Human Rights, and has been the data protection authority since it was formed in 2001.
The Directorate is also the authority in charge of the application of Law No. 26,951 which regulates the national “Do Not Call” registry (the “Do Not Call Registry Law”).
Recently, section 19 of Law No. 27,275 on Access to Public Information (the “Access to Public Information Law”) created the Agency of Access to Public Information (the “Agency”) as its controlling authority. The Agency is an autarchic entity that operates with functional autonomy within the President’s Chief of Staff Office. Its main duties are to ensure compliance with the principles and procedures established by the law, as well as to guarantee access to public information and promote transparency.
Meanwhile, Emergency Decree No. 746/2017 (“Decree 746”) modified the Ministries Law (as contained in Decree No. 438/92).
In particular, Decree 746 modified section 16 of the Ministries Law and included among the duties of the President’s Chief of Staff those of guaranteeing the right to access to public information and controlling the application of the Data Protection Law.
Moreover, Decree 746 modified section 19 of the Access to Public Information Law, stating that –in addition to ensuring compliance with the principles and procedures established by the Access to Public Information Law– the Agency must act as the controlling authority of the Data Protection Law. Furthermore, it included in section 24 that the Agency has the duty of supervising the integral protection of personal data to guarantee the rights of people to honor and privacy, as well as their right to access their personal data.
Lastly, Decree 746 modified section 19 of the Do Not Call Registry Law and named the Agency as its controlling authority too.
Additionally, Decree No. 899/2017 modified section 29 of Decree No. 1558/2001, which established that the Directorate was the controlling authority of the Data Protection Law, and replaced it with the Agency. Decree No. 899/2017 also stated that all regulatory references to the Directorate, its functions or authorities will be considered as a reference to the Agency.
In part, the designation of the Agency –which is autarchic and independent– as the authority charged with the application of the Data Protection Law and the Do Not Call Registry Law, is probably a response to an observation made by the European Union at the time of the recognition of Argentina as a country granting appropriate protection for the purposes of international data transfer. When issuing its opinion, the European Union had commented negatively on the lack of independence of the Directorate.
The Access to Public Information Law as not been regulated yet.
This insight is a brief comment on legal news in Argentina; it does not purport to be an exhaustive analysis or to provide legal advice.