Argentina’s Data Protection Authority Issues App Guidelines on Privacy

The Argentine Personal Data Protection Authority (DPA) recently issued Rule No. 18/2015, which includes a set of guidelines for app developers to improve compliance with the country’s Personal Data Protection Law No. 25,326 (PDPL). The Guidelines enumerate several “Basic Principles” and other, more specific guidelines for app developers, which generally track existing requirements in other jurisdictions to embrace “privacy by design.”

In particular, two of the Basic Principles instruct companies to obtain the prior, express, and informed consent of the data subject and limit the use of personal data to the purpose for which it was collected. Another requires that any person “intervening” in the treatment of personal data maintain confidentiality even after his/her/its relationship with the original data controller ends. Further guidelines state that developers should set privacy options “on” by default and designate “someone within the organization” to be responsible for privacy compliance.

TIP: This guidance is a reminder to companies subject to Argentinian laws and jurisdiction that their collection, storage, and use of data through apps is subject to the data protection laws of Argentina. The guidelines also serve as a reminder that companies must carefully account for consumer privacy and data security in the development of apps and other software in many jurisdictions across the globe.