The State of Communication and Privacy Law in Argentina (2020)
Is there a data protection law?
Argentina has a comprehensive data protection framework, Law 25.326/2000.
Since 2017, the Access to Public Information Agency has been the new data protection oversight authority and has replaced the ex-National Data Protection Directorate. The agency resides under the Chief of the Cabinet of Ministers, and its director will serve five years in office with the possibility of being re-elected for a single time.SEE MORE
Does the data protection law apply to law enforcement activities?
As for data protection rules applicable to law enforcement agencies, Article 23 of the Data Protection Law stipulates which cases are subject to the law, and outlines some fundamental principles.
Regarding the collection and processing of personal data held by the State, Article 8 of the Access to Public Information Act establishes some exceptions where data can not be obtained through access to information law.SEE MORE
What are the criteria, if any, for the transfer of personal data to third countries under their data protection law?
Argentina has been considered a country that provides an adequate level of data protection according to EU standards. The Argentinian Data Protection Law prohibits the transfer of personal data to any country or international organization that does not provide adequate levels of protection. This prohibition does not apply when the data subject has expressly consented to the transfer.SEE MORE
Many of the rules are under the Department of Capturing of Communications of the Judiciary (DCCPJ, in Spanish). DCCPJ is the specialized agency in charge of intercepting all communications, upon a judicial request in criminal investigations. This is in line with Law 19.798, which states that the interception of communications only proceeds at the request of a competent judge.
Interception of communication - Prior judicial order is required.
Access to the content of communications - Treated like interception of communication.
Access to metadata - Protected by Constitution at the same level as “private papers,” upon a judicial order.
Access to subscriber data - No specific protection in the Constitution, upon prosecutor’s request.
Location data - Treated like metadata.SEE MORE
What’s the factual basis to access communications data?
The factual basis for accessing communications data in Argentina includes:
Article 150 of the Criminal Prosecution Code
Article 10 of the Data Protection Law
The Halabi Case (Supreme Court of Argentina, decision of February 24, 2009)
For details on the above articles and cases,SEE MORE
Which authorities have the legal capacity to request access to communications data?
Fiscal Public Prosecutor in criminal investigations;
Federal Intelligence Agency, through its General Director;
Comisión Nacional de Comunicaciones can access retained data through regulation of quality of telecommunications service.
For details on the above authorities,SEE MORE
Does the country have provisions about access to data in cases of emergency?
Article 142, paragraph e, states that the Public Prosecutor, and not the judge, can order the interception of communication or access to the associated data in cases where the victim of an illegal deprivation of liberty finds themself and their life or physical integrity in imminent danger. For all other cases, ADC states that prior judicial authorization is still necessary.SEE MORE
Is there any data retention mandate?
There is no specific general data retention obligation for traffic data in Argentina. It was declared unconstitutional in the Halabi case. However, a couple of regulations imposed a narrower data retention obligation:
* Law 25.891 on Mobile Communications Services creates a national public registry of mobile users where users’ personal and domiciliary data should be registered. The law mandates that mobile telecommunications companies send “all the information on their users” to such a registry.
* Article 6 of the country’s Regulations on the Quality of Telecommunications Services requires providers to keep the data collected by their systems electronically for at least three years for quality assurance purposes. Also, it stipulates that the enforcement authority (ENACOM) may request access to such data partially or in full.SEE MORE
Are there any rules that authorize the use of malware?
There are currently no laws that explicitly authorize the use of malware.SEE MORE
Is there any law that compels companies to provide direct access to their internal servers for law enforcement purposes?
There is no law that obliges companies to provide this kind of access.
Does the law compel companies to assist law enforcement agencies in their investigations?
Article 150 of the Criminal Procedure Code, concerning interception, stipulates that communication service providers must enable the measure to be immediately carried out, subject to criminal liability in case of noncompliance. A general obligation for Internet Service Providers to render information to the competent authorities is set by Law 27.078/2014. In addition, the law establishes the penalties that the telecommunications enforcement authority (ENACOM) may apply to companies for not complying with the law and the service’s license obligations.SEE MORE
Does the State report on the number of requests to access communications data?
The Argentinian State does not publish transparency reports.SEE MORE
Is there any legal limitation that prohibits companies from publishing transparency reports?
To the best of our knowledge, no normative framework prohibits companies from publishing statistical data on the number of data requests made by the State in criminal or national security matters.
Do telecommunication companies publish transparency reports?
Telefónica-Movistar publishes yearly transparency reports. DIRECTV publishes yearly transparency reports, but with very little data regarding most of the Latin American countries. Cablevision, Telecom, Telecentro, and IPLAN do not publish transparency reports.SEE MORE
Can companies notify users about States’ data requests?
Argentinian criminal law does not include an obligation nor a prohibition to notify the individual, not even when the interception is over. The subject of the investigation may learn about the evidence used in a criminal proceeding. However, an individual may never learn about the evidence if it was irrelevant to an investigation and dismissed by the prosecutor or the judge.