DPA
Subscribe to DPA's Posts

Safe Harbor Update: European Commission Reaffirms Commitment to a Safe Harbor Sequel

As we reported on October 19th, the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data challenged the EU member states to “open discussions with the US” to find a viable alternative to the Safe Harbor program. Today, the European Commission (EC) issued a public statement confirming its commitment to working with the United States on a “renewed and sound framework for transatlantic transfers of personal data.” The apparent trigger for today’s announcement are “concerns” from businesses about “the possibilities for continued data transfers” while the Safe Harbor Sequel is under negotiation.

In its statement, the EC confirms that during the pendency of the U.S.-EU negotiations, Standard Contractual Clauses and Binding Corporate Rules (BCRs) are viable bases for legitimizing data transfers that formerly were validated by the Safe Harbor Program.

The EC was careful to note that today’s guidance “does not lay down any binding rules” and “is without prejudice to the powers and duty of the DPAs (Data Protection Authorities) to examine the lawfulness of such transfers in full independence.”  In other words, a DPA still may decide that Standard Contractual Clauses and BCRs are not viable under its country’s laws.




Argentina Adopts New Data Protection Regulations for the Use of Do Not Call Registry and CCTV

The Argentinian Data Protection Authority (DPA) beefs up penalties to fight robocalls and unconsented-to video surveillance by enacting Do Not Call and CCTV regulations.

Because robocalls are cheap and efficient, they have become a quite popular form of advertising in Argentina. In order to curb the variety of abuses that can come from robocalling–such as deceptive and abusive marketing–Argentina is injecting into their regulatory regime penalty-driven regulations that will address the problems presented by robocalls. This will preserve their beneficial use while still complying with Argentina’s privacy law requirements. Specifically, the February 2015 sanctions regulation addresses the recently adopted national Do Not Call registry that was implemented at the start of this year.

To comply with the Do Not Call regulations, companies need to register and download the database of individuals who do not want to be called. If companies fail to do so, they can be subject to various serious fines of up to USD $12,000. Examples of serious breaches include the processing of personal data without the DPA registration or breach of the Do Not Call regulation in marketing campaigns (even if the caller is located abroad). Any international transfers in breach of the Data Protection Act and its regulations would be considered a more serious breach. Indeed, the DPA has already issued 60 enforcement notices based on this new sanctions regulation.

In February, the DPA also enacted a law regulating the use of closed-circuit television (CCTV) cameras for video surveillance in the private and public sphere. The new CCTV regulation requires data controllers to apply, if possible, notice and consent provisions to CCTV-related data processing. It also requires that a conspicuous sign be included for the purpose of informing the data subject of the name and domicile of the data controller, as well as where to exercise the data protection rights. Additionally, CCTV databases must be registered and the personal data collected shall not be used for any purpose incompatible with that which gives rise to their collection. It is important to note that some CCTV processing is exempted from consent, such as public government databases and processing data within private property for private purposes.

These regulations were enacted in an effort to round out and complete Argentina’s privacy legal framework.




STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021