New Guidelines, Recommendations, and Best Practices for Processing Genetic Data

Through Resolution No. 255/2022, the Data Protection Authority (DPA) approved the Guidelines, Recommendations, and Best Practices for the Personal Data Protection Law No. 25326 (PDPL) regarding genetic data.

The DPA highlighted that the Law No. 27699, enacted on November 30, 2022, approved the Protocol modifying the Convention for the Protection of Individuals Regarding Automatic Processing of Personal Data (commonly known as Convention 108+). Thus, the Convention 108+ was introduced to Argentina’s data protection regime. Specifically, this regulation expands the PDPL definition of sensitive data to include genetic and biometric data.

In this sense, the Resolution defines genetic data as the data on inherited or acquired genetic features of an individual that provides information about their physiology or health.

Further, the Resolution establishes that such data will be considered sensitive when univocally identifying an individual and revealing information on the health or physiology of the data subject, or when processing such data can cause the data subject to potentially be discriminated.

In this scenario, the Resolution indicates higher levels of security, confidentiality, restrictions on access, use, and circulation when processing the data, in accordance with the provisions of article 9 of the PDPL and the Resolution No. 47/2018.