The DPA issued its full conclusion of the process of amendment of the data protection act of argentina, the full text with a summary of each proposal of academia and civil society and chambers of companies is available below, with the letter that the DPA issued on December 19, 2016.
The bill was approved by the Senate on Friday November 26 and is now in the Chamber of deputies. The bill criminalizes the fact of broadcasting or uploading by any tachnological means intimate images taken in a private environment even if the person allowed the photo to be taken.
Media sancion al revenge porn por el Senado s2203-16pl
Argentina – New regulation on data transfers – See Spanish version here.
The Argentina data Protection Agency (DPA) has issues a new regulation on international transfers of personal data (DNPDP Disposition 60 – E/2016). Under the new regulation the DPA has:
- Approved a model form for international transfers to a data controller and also another form for transfer to a data processor (for rendering services).
- The model is party based in the EU model with some changes.
- If the data controller is using a different model, then he needs to file its agreement with the DPA for approval within 30 days.
- The new regulation list countries that are considered adequate (those recognized as adequate by the EU).
The Facebook-owned messaging platform WhatsApp is the leader in the Brazilian mobile messaging market, surpassing 100 million users. Brazilians have long ceased to use SMS messaging as a means of daily communication. The strong presence of WhatsApp is favoured by some telecom companies delivering the service for ‘free’ in the zero-rating model, in which the app doesn’t use a person’s data.
Hence, the multiple recent bans on WhatsApp’ services ordered by Brazilian magistrates ignited widespread discussion. Currently, the platform has been ordered to suspend its services four times, with law enforcement authorities arguing that the company hasn’t released to law enforcement user data which was deemed fundamental for criminal investigations. The issue recently escalated with WhatsApp adopting end-to-end encryption by default to all its users, meaning that, in theory, the company will hold no user content data.
Throughout 2016, several court orders have demanded temporarily blockage of WhatsApp due to disputes over access to encrypted data, however, Brazilian Law does not prohibit or ban encryption. The most recent of these court orders occurred in October 2016. The third order occurred in July 2016 and the platform was subsequently banned in the country for hours. Unlike previous cases in which a magistrate required the company to produce users’ IDs and the content of conversations, in this case the magistrate asked WhatsApp to disable its encryption and allow for real time monitoring of conversations. The case in question was an investigation on criminal organizations.
Continue reading in original here.
The new regulation is more detailed than the former Audit Regulation. It is part of the new DPA´s action plan to increase audits and fines. See full text of the regulation in Spanish below:
A class action filed by several congressmen about the transfer of personal data from one unit of the government to another unit was rejected by a federal district court in Buenos Aires. The case prompted a public debate. The transfer was authorized by the DPA because it complied with section 11 of the data protection act.
I have discussed in this blog issues related to CCTV regulation the past, specially in Argentina the CCTV resolution enacted in the year by the DPA that requires companies to register the database of CCTV footage, and to include visible signs indicating use of CCTV monitoring and an internal manual.
Now the DPA has issued a new legal report related to access to footage of CCTV. The report of the DPA is an answer to several financial entities that requested the DPA to explain how to grant access to CCTV footage at the request of access by an individual. The CCTV regulation generally mentions that the right of access exists but do not explain how this access should take place if there is a vague access request (e.g. the bank will have a huge expense in searching all the CCTV footage of several months).
In this report the DPA clarifies that the data subject may send as part of it request a photo so the data controller can identify the frames where the data subject was recorded.
In addition the DPA points out that the request may be subject to a fee if it is too onerous to a bank. The information can be provided in writing or recorded in a CD-ROM.
I am glad to report that the Linklater´s 2016 edition of Data Protected has been published. I helped with the Argentina chapter available here:
The report contains a comprehensive summary of data protection legislation in 53 jurisdictions throughout the world.