Protecting Personal Data in Argentina Is a Work in Progress · Global Voices
Milton Ramirez

Cloud Computing – Photo by Quinn Dombrowski on Flickr. (CC BY-NC-SA 2.0).
In an article for online magazine Digital Rights: Latin America & The Caribbean, No.21, Argentinean lawyer Valeria Milanés explains that even though the United States is a world leader in data processing, it does not have legislation for the protection of personal data. The US is also considered to have “an inadequate level of protection in relationship to national and international standards.”
Unfortunately, in North America and other countries, the evolution of technology has outpaced the development of legal regimes intended to govern their use. Milanés explains the case of Argentina and mentions National Directorate for Personal Data Protection and the Law of Personal Data, D.N.P.D.P., (Laws 25.326 and 26.343), which is among the “most advanced on the issue of data protection.” The problems lie in its implementation:
…en 2012, y luego de doce años de funcionamiento, la D.N.P.D.P. tenía registradas 20.000 bases de datos, contra 1.600.000 que tenía registradas a la misma fecha y en similar plazo la Agencia Española de Protección de Datos.
…in 2012, after twelve years in service, the D.N.P.D.P. had registered 20,000 databases, compared with 1,600,000 databases registered by that date and within the same period with the Spanish Data Protection Agency.
Milanés says that cloud computing presents new challenges:
…las grandes empresas multinacionales prestadoras de los servicios de nube pública se caracterizan por utilizar contratos de adhesión, que por lo general no contienen las especificaciones requeridas en la ley 25.326 y en los que hasta la ley aplicable y jurisdicción prefijada corresponde al país en los que estas empresas tienen sus domicilios legales –por lo general, ciudades de Estados Unidos–. Es más, inclusive los servidores en los que se almacena la información pueden no encontrarse en Argentina.
…large multinational public cloud service providers are known for using adhesion contracts, which generally do not contain specifications established by Law 25.326 and in which the applicable law and predetermined jurisdiction are that of the country where these companies are legally domiciled, mainly US cities. Furthermore, even the servers that store the information are sometimes not in Argentina.
Thus, the Argentinean experience is no different from other countries in the region, who despite having laws protecting the personal data of individuals and corporations still have a long way to go.
Milanés concludes that the issue needs “actions towards effective implementation and compliance with current laws and adoption of responsible and sound business practices to allow, to the extent possible, for personal data privacy and security guarantees to be preserved.”