For years when Buenos Aires and Madrid were not as close as these last days of February thanks to the State Visit of President Macri and his wife in which, among other activities, they inaugurated the 36th edition of the International Contemporary Art Fair - ARCOMadrid-, in which Argentina has been the guest country.
On the occasion of that visit, His Majesty the King was underlining these days the "solid" existing economic relations that, economically and as Don Felipe recalled “Spain continues to be the second largest investor in Argentina and some 300 Spanish companies contribute in Argentina to productive development, to creating direct jobs and many more indirect ones, and to modernize and make the economy more competitive in strategic sectors such as telecommunications, energy, transport infrastructures or banking and insurance, among others".
Don Felipe also remembered these days that we shared with Argentina a "Common Ibero-American destiny and the same universal principles and values"among which is "Respect for the rights of the person".
Indeed, there is a legal field in which Argentina was a pioneer when it came to aligning itself with Europe: its regulatory framework for the protection of personal data. Thus, the Argentine Constitution of 1994 provides for a special judicial remedy, called "habeas data" to protect personal data and in 2000 it approved its Law 25.326 on personal data protection and Regulatory Decree no 1558/2001 that earned it, in 2003, to be the first country in Latin America to which the European Commission recognized the status of "adaptation" of its regulations (Decision 2003/490 / EC of the Commission, of June 30, 2003). As of today, only Argentina and Uruguay are considered by the European Commission countries that guarantee an adequate level of protection with regard to personal data in Latin America.
Precisely, in that year 2003, when Argentina was declared a “suitable country”, the so-called Ibero-American Data Protection Network was formed, in which 14 Ibero-American countries participated, essentially following the European privacy model.
It is not surprising that when the European Regulation 2016/679, of April 27, 2016 (the General Data Protection Regulation or “RGPD”) was published last May, which will be applicable from May 25, 2018, the Argentine National Directorate for Personal Data Protection (“DNPDP”) began a reflection process to modify its regulations and, precisely, adapt it to the new European Regulation. Last January 2016 the “DNPDP” published through the digital platform of the Ministry of Justice and Human Rights of the Argentine Nation a preliminary draft of the personal data protection law to replace its Law 25.326 and Protection of Personal Data and Law 26.951 known as the “Do Not Call Registry Law” (4)
And it is that, the fact that a country is considered "adequate" for the purposes of data protection by the European Commission, has important economic repercussions since it exempts data transfers to that country from the need for prior authorization processes, which, more Beyond facilitating specific businesses (location of data centers, call centers, etc.) no one is hiding that it is of enormous importance in the development of the digital economy that is today the engine of all developed economies. In this sense, Argentina in December adopted model clauses for the international transfer of personal data, once again copying the European model (see http://www.allendebrea.com.ar/ NovedadLegal / Details / 1593 / argentina-% E2% 80% 93-new-regulation-on-data-transfers ).
This step taken by Argentina to follow the European data protection model leads to a deeper reflection which is the friction that is occurring since despite the fact that our smartphones, The social networks that we use or the vast majority of the e-commerce or messaging platforms that we use are North American -evidence recognized not without some frustration by the European Commission in its efforts to promote the Digital Single Market (1) - the model and regulation However, in a matter so critical to the protection and free movement of data, it is the European model.
It is true that the major setback caused by the cancellation of the “Safe Harbor” program that facilitated cross-border data flows between Europe and the United States at the end of 2016 (the subject of one of the first posts in this blog (2) has been momentarily overcome for the approval of the new “Privacy Shield” program (3) but, despite this, and despite the undisputed economic leadership of North American technology companies on the world scene, the privacy model that is spreading is the one that has been marking Europe and the United States. The United States has understood that it cannot afford that new setbacks can occur to its system that hinder the free flow of data from or to its territory.
The initiative taken by Argentina inspired by the European model is being followed by the rest of the Ibero-American region (Mexico and Colombia have laws following the European model and Chile and Brazil are discussing similar bills) and it is a great opportunity for all countries that the principles of protection and also of free circulation of personal data are effective on both sides of the Atlantic. It is too early to know how the North American “Privacy Shield” will work and what position the United States will adopt in light of the evidence that the Ibero-American region has embraced the model of the European Data Protection Regulation, but what is clear is that, as you well know in Argentina "It takes two to tango".
(1) https://ec.europa.eu/commission/priorities/digital-single-market_en(2) http://www.fidefundacion.es/mjuridico/La-proteccion-y-libre-circulacion-de-datos-upside-down-del-reves_a2.html(3) https://www.privacyshield.gov/welcome
(4) For those who want to delve into this draft, I attach a link http://www.allendebrea.com.ar/NovedadLegal/Details/1596/new-argentine-data-protection-bill–deadline-to-file-comments-with-the-dpa-feb-28,-2017 to the analysis on the same carried out by the Argentine lawyer specialized in Data Protection Pablo A. Palazzi http://www.allendebrea.com.ar/Abogado/DetailsSocio/16?printPreview=False which, basically, follows the European model of the General Data Protection Regulation, introducing the concept of "Accountability" or proactive responsibility of those responsible for data processing.
Article written by Javier Fernández-Samaniego y Paul Palazzi.
Paul A. Palazzi, email@example.com
Pablo Palazzi is a lawyer and partner at the Allende & Brea law firm. His practice focuses on technology, intellectual property and personal data protection companies.