Data Protection Act

Changes to the Data Protection Act in Argentina

The following text is from the World Data Protection Report. Volume 8, Number 4, April, 2008. Copyright 2008 by The Bureau of National Affairs, Inc.). Written by Gustavo Daniel Tanús

The Argentine legal framework guarantees people their honour and dignity, as well as their privacy and data protection. The 1994 Amendment to the Constitution of Argentina introduced the right of “habeas data” in Section 43, a legal remedy that provides for special and expeditious
judicial action to safeguard these constitutional guarantees.

In November 2000, Data Protection Act No. 25.326 (“the Act” ) came into force governing the above mentioned constitutional rights. Decree No. 1558/2001 was issued one year later to clarify diverging interpretations of the Data Protection Act and to create a Data Protection Authority – Dirección Nacional de Protección de Datos Personales (“DNPDP” ) as a branch of the Ministry of Justice.

Data Protection legislation applies to the public and private sectors, including data of legal entities, and grants the rights of access, correction, blocking, deletion and updating
of personal data.

In June 2003, the European Commission recognised that Argentina guarantees an adequate level of protection of personal data (Decision C(2003) 1731)

After 1994, there were several cases in which data subjects have requested access, correction and deletion of their personal data. Most of these related to commercial data held by credit information agencies, the most discussed data protection issue in Argentina to date.

Under Section 26 of the Act, providers of information services on creditworthiness and credit may only process personal data obtained from registers and sources of public access set up for that purpose, or based on information provided by the data subjects or with their consent.

Processing is also allowed for personal data related to financial obligations provided by the creditors or someone else acting on their behalf.

At the request of a data subject, credit information agency shall communicate all reports, evaluations and appraisals provided about him in the previous six months, including the
names and addresses of the persons or bodies to whom the data was disclosed.

As a general rule, Section 5 of the Act states that express consent must be given by data subjects for the processing of their personal data, either in writing or through other
similar means. However, Section 26 sets forth that credit reporting will not require the previous consent of the data subjects for the transfer of their personal data or the notification of such transfer if the information is related to the business or credit activities of the reporting agencies.

The most controversial issue is the so-called “right to forget” . Pursuant to Section 26.4, only significant personal data to evaluate the economic and financial standing of the data subjects may be filed, recorded or transferred during the previous five years when the debt has not been cancelled.

After many debates about the starting point that should be used to calculate the five-year term established as a “right to forget” , both the court and the DNPDP now agree that it must be the time when the debt was contracted.

Moreover, Section 26.4 also states that the above mentioned five-year term must be reduced to two years when the debtor either cancels or pays off the obligation, as long as the creditworthiness databases clearly indicate such a pay off.

This provision works as a strong incentive for the paymentof due deb ts and succeeds in restoring debtors as worthy of credit and business. In addition, it helps to distinguish
individuals who had occasional payment problems from individuals who acted fraudulently and therefore do not deserve the application of the shortened term.

Nevertheless, the National Congress of Argentina considered this two-year term improper in the case of debts that were incurred during the 2001/2003 macroeconomic crisis, so changes were introduced so that people who took on a debt in that period and have since repaid it, or were otherwise ready to make a formal commitment to repay it, cannot be named in credit information databases.

On January 8, 2008, Act No. 25.326 was amended by Law No. 26.343, which introduced Section 47 to the Act providing that credit information agencies must delete or leave out from future registry all data related to debts and ratings of people whose commercial commitments fell in
arrears from January 1, 2000 to December 10, 2003, provided those debts were cancelled or brought under control at the time the law was enacted or within 180 days of its enactment. This amendment is both an amnesty to people who have paid their debts and also an incentive for
those willing to pay.

The two deadlines set by Section 26.4 of the Act will apply again after July 18, 2008 as if nothing ever happened.