Page 1

AGENCY FOR ACCESS TO PUBLIC INFORMATION
Resolution 4/2019
RESOL-2019-4-APN-AAIP
City of Buenos Aires, 01/13/2019
HAVING SEEN EX-2018-52934591-APN-AAIP, Law No. 25,326 on Protection of Personal Data, Law No. 27,275, and Decrees No. 206 of March 27, 2017 and No. 746 of September 25, 2017, Y
CONSIDERING:
That Law No. 25,326 on the Protection of Personal Data, has as its objective “the comprehensive protection of personal data recorded in files, registers, data banks, or other technical means of data processing, whether they are public or private, intended for give reports, to
guarantee the right to honor and privacy of people, as well as access to the information that is recorded about them, in accordance with the provisions of article 43, third paragraph of the National Constitution ”(article 1, Law No. 25,326).
That by Decree No. 1558 of November 29, 2001, regulating Law No. 25,326, the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA was created, within the orbit of the SECRETARIAT OF JUSTICE AND LEGISLATIVE AFFAIRS of the MINISTRY OF
JUSTICE AND HUMAN RIGHTS, as the control body of the aforementioned Law (Annex I, article 29, Decree No. 1558/01).
That, on the other hand, Law No. 27,275 on the Right of Access to Public Information created the AGENCY OF ACCESS TO PUBLIC INFORMATION (AAIP) as an autarkic entity with functional autonomy within the scope of the HEAD OF MINISTERS 'CABINET with the purpose
to "ensure compliance with the principles and procedures established in Law [No. 27,275], guarantee the effective exercise of the right of access to public information, and promote active transparency measures" (Article 19, Law No. 27,275).
That Decree No. 746 of September 25, 2017 replaced Article 19 of Law No. 27,275, attributing to the PUBLIC INFORMATION ACCESS AGENCY the power to act as the Enforcement Authority of Law No. 25,326 and was incorporated as subsection t) to
Article 24 of Law No. 27,275, the competence of the AAIP to “[f] monitor the comprehensive protection of personal data recorded in files, registers, data banks, or other technical means of data processing, whether public, or private companies intended to give reports, to
guarantee the right to honor and privacy of people, as well as access to the information that is recorded on them ”.
That, likewise, Decree No. 899 of November 3, 2017 replaced article 29 of Annex I of Decree No. 1558/01, establishing that “the AGENCY FOR ACCESS TO PUBLIC INFORMATION, in accordance with the terms of article 19 of the Law No. 27,275, replaced by
Article 11 of Decree No. 746/17, is the control body for Law No. 25,326 ”(Article 1, Decree No. 899/17).
That, among the attributions assigned to the AGENCY OF ACCESS TO PUBLIC INFORMATION is the one to dictate the rules and regulations that must be observed in the development of the activities included in Law No. 25,326 (article 29 subsection 1, section b)
of Law No. 25,326).
That various entities, both public and private, have requested the AAIP, as the enforcement authority of Law No. 25,326, to issue guidance criteria for the correct interpretation and implementation of the regulations on data protection
personal.
That it is necessary to establish these criteria in an autonomous document, so that they can be consulted by those responsible for databases and the public in general, providing greater predictability to the interpretation of Law No. 25,326 and strengthening the
exercise of the rights that the law protects.
That Law No. 25,326 defines the term “database” in its article 2 as “[t] he organized set of personal data that is subject to treatment or processing, electronic or not, whatever the modality of its formation. , storage, organization or
access".
That the records of images captured by video surveillance systems constitute a database in the terms of Article 2 of Law No. 25,326.
That articles 14 and 15 of Law No. 25,326 establish the conditions for exercising the right of access and its scope.
That the exercise of the right of access in relation to personal data that has been collected through video surveillance systems may generate certain practical difficulties for the person responsible for the database, for which the INFORMATION ACCESS AGENCY
PUBLIC considers it convenient to pronounce on the scope of this right and the conditions for exercising it.
That, in turn, Article 15 of Law No. 25,326, in its paragraph 1, provides that when exercising the right of access, the person responsible for the database must provide the information in a clear manner, free of coding and, where appropriate, accompanied by an explanation, in language accessible to the
average knowledge of the population, of the terms used.
That in view of the fact that technological changes have made it possible to automate data processing and that this could entail risks to the person, the AAIP considers it important to establish what would be the scope of the right of access of the owner of the data when the person responsible for the
database make decisions based solely on the automated processing of data that produce harmful legal effects for the owner of the data or significantly affect him or her in a negative way.
That, likewise, Article 2 of Law No. 25,326 defines “data dissociation” as “any processing of personal data so that the information obtained cannot be associated with a specific or determinable person”.
That, for the correct interpretation of the term “data dissociation”, it is up to the AAIP to define what is understood by “determinable person”.
That, on the other hand, Law No. 25,326 defines the term “personal data” in its article 2 as “[i] information of any kind referring to specific or determinable natural persons or ideal existence”.
What more modern laws have defined within the concept of personal data the term “biometric data” to adapt to the new technologies of the digital age.
That, in this sense, the AAIP deems it convenient to establish what it means by “biometric data” according to the regulations applicable in our country regarding privacy and thus adapt to the international trend.
That, in turn, Law No. 25,326 receives in its article 5 the principle of consent, which requires the consent of the owner of the data as a condition for the processing of their personal data to be lawful.
That article 5, paragraph 1 of Law No. 25,326 provides that the consent of the owner of the data must be in writing "or by another means that allows it to be equated, according to the circumstances."
That Law No. 25,326 provides for the possibility of implementing the consent of the owner of the data by means other than writing, and, therefore, the AGENCY OF ACCESS TO PUBLIC INFORMATION considers it necessary to establish an interpretive criterion for the
implementation of that provision.
That article 11 of Law No. 25,326 establishes as a general principle the obligation to require the prior consent of the owner to carry out a transfer of personal data.
That the exceptions regulated in subsection 3 of the same article apply to this principle, whose section c) provides that consent will not be required when the transfer “is made directly between dependencies of State bodies, to the extent of the fulfillment of
their respective competences ”.
That it is then up to the AAIP to define what are the conditions to carry out a transfer of personal data between public bodies, in the terms of article 11, paragraph 3, section c).
That international regulations on the protection of personal data have adopted specific provisions in relation to the consent that girls, boys and adolescents must grant for the processing of their data.
That the Civil and Commercial Code of the Nation has accepted in articles 26 and 639 the principle of progressive autonomy, which emerges from the Convention on the Rights of the Child, which recognizes minors the ability to exercise their own rights. Rights
in accordance with the evolution of their faculties.
That, by virtue of this, it is necessary to establish guiding criteria for obtaining the consent of minors for the processing of their personal data.
That the GENERAL DIRECTORATE OF LEGAL AFFAIRS of the UNDER SECRETARIAT FOR ADMINISTRATIVE COORDINATION of the HEAD OF THE CABINET OF MINISTERS has taken the appropriate intervention.
That this measure is issued by virtue of the powers conferred by article 29, paragraph 1, section b) of Law No. 25,326.
Thus,
THE DIRECTOR OF THE PUBLIC INFORMATION ACCESS AGENCY
RESOLVES:
ARTICLE 1. - Approve the guiding criteria and indicators of best practices in the application of Law No. 25,326, being mandatory for all those subjects covered by Law No. 25,326, and that as Annex I (IF-2019-01967621-APN-AAIP) form
integral part of this Resolution.
ARTICLE 2. - Communicate, publish, give it to the NATIONAL ADDRESS OF THE OFFICIAL REGISTRY and, in due course, file it. Eduardo Andrés Bertoni
NOTE: The Annex / s that make up this Resolution are published on the BORA web edition -www.boletinoficial.gob.ar-

and. 01/16/2019 N ° 2278/19 v. 01/16/2019
( Note Infoleg: The annexes referenced in this standard have been extracted from the web edition of the Official Gazette. They can be consulted at the following link: Annexes )

