Colombia, the GPEN and the IoT

The Colombian DPA has joined the Global Privacy Enforcement Network (GPEN) in participating in examining nearly 300 devices related to the Internet of Things.

The GPEN is a group of privacy regulators whose mission is to improve cooperation in enforcement of cross-border laws affecting privacy. There are several latin american data protection agencies that are members of the GPEN.

More info

Argentina: Compartir datos no es delito – Sharing personal data is not a crime


El estado decidió hacer una transferencia de datos personales en poder de la agencia de seguridad social a la Jefatura de Gabinete de Ministros. Dicha transferencia se hizo dentro del marco del art. 11 de la ley 25.326, con el fin de informar a la ciudadanía el uso de fondos públicos. La transferencia cumple con el art. 11 y tuvo dictamen de la agencia argentina de protección de datos en forma favorable.

Ante ello un grupo de legisladores iniciaron un amparo colectivo y una denuncia penal en la cual dicen que esto sería un delito (lo cual es un grave error ya que compartir datos per se no es delito penal). La causa penal contra el Gobierno por el uso de datos personales de los ciudadanos para comunicaciones de la gestión política está a punto de quedar en la nada. El fiscal federal Guillermo Marijuan opinó que se debe desestimar la denuncia contra el jefe de Gabinete, Marcos Peña, acusado de incumplimiento de los deberes de funcionario público, abuso de autoridad, violación de secretos y de la privacidad, a raíz del decreto para utilizar la base de datos de la ANSeS.


A federal prosecutor decided not to press charges in a criminal case that started when the social security agency in Argentina transferred certain personal data to another agency.


Continue reading Argentina: Compartir datos no es delito – Sharing personal data is not a crime

Argentina: public consultation about the amendment of the DP law

Today there was a public discussion on the possible amendment of the data protection law, organized by the data protection agency and the Ministry of Justice.

There was a general consensus that the law should be changed and that the European Model and the new Regulation is a good starting point for the change in Argentina and the region. All attendants of the debate agreed that the EU model will be a guideline for the Argentine amendment.



Argentina – new supreme court ruling on the intersection between FOIA and data protection

The access to public information and personal data protection according to a recent ruling of the Argentine CSJN


On June 21, 2016, the Argentine Republic Supreme Court of Justice (“CSJN”) issued a ruling regarding the protection of personal data when an argentine citizen attempted to exercise his right to access public information.

The ruling was issued in “Garrido, Carlos Manuel c/ EN – AFIP s/ amparo ley 16,986”. In this case, the plaintiff, an argentine citizen and congressman, requested to the national tax agency, the Administración Federal de Ingresos Públicos (“AFIP”), certain information regarding the employment relationship of an employee of that agency and, in particular, about an administrative proceeding initiated against that civil servant.

AFIP refused to provide the information as it represented sensitive personal data of the employee as well it included information about a proceeding that could be endanger, both exceptions to decline a public information request set forth in Decree No. 1172/2003, which regulates the right to access public information of the Federal Government, and also due to the fact that the plaintiff lacked a right to request the information. Given the situation, the plaintiff filed a complaint with the courts, which was admitted and it was ordered that the information was provided. As a consequence, AFIP appealed the judgment but the appeal was rejected. After that, they filed a motion before the CSJN to hear the case and which resulted in the ruling under analysis. The CSJN review the 3 arguments given by AFIP and resolved to uphold the ruling and obliged the provision of the information requested.

Regarding the first defence, the CSJN, following the criteria established in the case “Cippec”, considered that in order to access public information it is not necessary a qualified interest and its sufficient with being a member of the community given that the public information belongs to the argentine people. In this regard, the CSJN did not determine whether it was necessary to prove the condition of argentine citizen, or at least of argentine resident, in order to admit the request of information; in other words, it was not said if a foreigner could request public information in the Argentine Republic.

In respect with the defence that the public information requested was sensitive personal data, the CSJN considered that in the case there was no sensitive personal data involved that could allow AFIP the rejection of the information requested under decree No. 1172/2003. This was due to the fact that the information only was related to the employment record of the civil servant involved and that the data requested did not fall under any category that could be considered as sensitive personal data under Law No. 25,326 nor there was damage to the employee’s privacy.

Finally, and regarding the third defence, the CSJN considered that the information requested on the status of the administrative proceeding against the employee did not imply in any form the revelation of the strategy to be adopted on a trail or the release of techniques or proceedings of investigation or damage to the due process.

For further information on this topic please contact Pablo A. Palazzi y Andrés Chomczyk