This section publishes a selection of news from the Agency for Access to Public Information.
The Agency in the GPA newsletter
Eduardo Bertoni, Director of the AAIP, gives a regional perspective on the achievements and impact of the GPA 2020 conference.
The Global Privacy Assembly has presented the GPA 2020 Special Edition November Newsletter, Volume 2, Issue 4. This Special Edition, an abridged version of the Newsletter, features the highlights, outcomes and some of the comments coming from the first virtual GPA 2020 Closed Session - At Your Desk Conference for the GPA membership and the wider data protection community.
Click here to access the newsletter as featured on the GPA website.
Global responses to actual challenges in personal data protection
The Agency was part of the Closed Session 2020, the annual meeting organised by the Global Privacy Assembly, that for this time took place on line under the slogan “At your desk”.
The director of the Agency Eduardo Bertoni participated in this annual meeting of the Global Privacy Assembly (GPA), organised by the Executive Committee and the Secretariat Assembly, that for this time took place in a virtual format. Several matters have been discussed such as the personal data protection in the context of COVID-19, the challenges involved in the use of artificial intelligence, and also the cooperation between governments and global data protection authorities.
In the COVID-19 Working Group, Bertoni hightlined the pride of being part of an organisation as GPA because of all the work carried out to maintain the cooperation between members in a pandemic context and health emergency.
In this sense, Bertoni expressed: “During the previous months to this Close Session, the exchange of experiences between the authorities was crucial in order to find practical solutions, in moments that requireded urgent measures and rapid reactions by data protection authorities”. In addition, the head of the Agency emphasized that -among other things- next steps will consist in analyze the temporal measures taken during pandemic to determine if they must be suspended or if exist new legal bases that authorises the continuity of data protection treatments.
Finally, the Agency co-sponsored the following GPA statements:
- Resolution on Facial Recognition Technology.
- Resolution on Accountability in the Development and Use of Artificial Intelligence.
- Resolution on Joint Statements on Emerging Global Issues.
- Resolution on Challenges arising from the COVID-19 Pandemic.
Digital surveillance and privacy rights
The Agency participated in a virtual meeting regarding data protection in the 75th General Assembly United Nations.
Eduardo Bertoni, director of the Agency, exposed in a virtual meeting within the 75th General Assembly United Nations, called “Protecting human rights during the COVID-19 crisis and beyond: digital pandemic surveillance and the right to privacy”. The panel was organized by the United Nations Office of the High Commissioner for Human Rights, Global Pulse and Access Now.
The Agency director commented on some actions carried out as a control authority under the Law 25.326 of Personal Data Protection. For example, the research carried out before the Secretariat of Public Innovation regarding CuidAR app, as well as the intervention to assess the "General Protocol for the Police Prevention of Crime with the use of Open Digital Sources".
The panel was moderated by Peggy Hicks, Director of Human Rights at the United Nations, and integrated by speakers such as Patricia Adusei-Poku, Commissioner and Executive Director of the Ghana Data Protection Commission; Fanny Hidvégi, Manager of European Policy at Access Now; Robert Kirkpatrick, Director of Global Pulse; and Alexandria Walden, Global Policy Leader for Human Rights and Freedom of Expression at Google.
The meeting was introduced by Silvio Gonzato, Ambassador and Deputy Head of the European Union Delegation; and Ville Skinnari, Minister for Development Cooperation and Foreign Trade of Finland. Additional speakers included Anne Marie Engtoft Larsen, Ambassador for Technology of Denmark; Sang-Beom Lim, Ambassador and Head of the Korean Mission to the United Nations; and Henry Verdier, Ambassador for Digital Affairs of France.
Global Data protection
The Agency participated in the 50th meeting of the Bureau of the Committee of Convention 108, which was held virtually.
Eduardo Bertoni, director of the Agency, participated in the 50th meeting of the Bureau of the Committee of Convention 108, attended by over 50 data protection experts representing states parties to Convention 108.
Among several topics, personal data protection policies were discussed, facial recognition technologies, the treatment of data obtained in educational digital platforms. As well as issues such as profiling, digital identity, the processing of personal data in the context of political campaigns, and the evaluation and monitoring of the protection mechanisms provided for in Convention 108.
The Consultative Committee of Convention 108 is integrated by representatives of the States parties and complemented by observers from other States, international organizations and non-governmental organizations. Argentina has been a State Party to this Convention since June 1, 2019.
The Bureau is integrated by the president and two vice-presidents, four members elected by the Advisory Committee and the leaving president. The Agency's director is also a member of this committee.
New challenges in personal data protection
The Agency participated in a video conference on the challenges and lessons learned from the COVID-19 pandemic in the area of personal data protection.
The Director of the Agency Eduardo Bertoni participated in a panel entitled "The Road to Recovery: Lessons Learned and Future Challenges," organized by the Global Privacy Assembly (GPA) and the Organization for Economic Cooperation and Development (OECD). There, experiences were exchanged among privacy and personal data protection authorities from different countries, in the framework of the COVID-19 pandemic.
"One of the lessons learned during this time is the relevance of having global standards on personal data protection and privacy. Not only our Personal Data Protection Law is enough, it is fundamental that Argentina has signed up as a State Party to Convention 108 and what our colleagues share in terms of privacy, both in Latin America and in the Global Privacy Assembly and the Organization for Economic Cooperation and Development," declared Bertoni.
The moderator of the panel was Raymund Enriquez Liboro, chairman of the National Privacy Commission of the Philippines. Also participated Alessandra Pierucci, chair of the Council of Europe's Convention 108 Committee; Andrew Smith, director of the U.S. Federal Trade Commission's Office of Consumer Protection; Joanne Groube, undersecretary of Australia's Health Economics and Research Division; and John Edwards, privacy commissioner of New Zealand's Office of the Privacy Commissioner.
The event was opened by Elizabeth Denham, chair of the Global Privacy Assembly, and Andrew Wyckoff, director of Science, Technology and Innovation at the Organization for Economic Cooperation and Development.
Contributions to the G20 statement
The Agency contributed to define our country's position in the ministerial declaration published by the G20 Digital Economy Group.
The Access to Public Information Agency, as supervisory authority of the Law 25.326 on Personal Data Protection, contributed with the Secretariat of Public Innovation of the Cabinet of Ministers to define the Argentine position on two of the issues discussed in the framework of the G20 Digital Economy Group, titled: “Cross-border Flow of Personal Data and Artificial Intelligence”.
The main objective of the meetings under the G-20 Digital Economy Group was to examine how digital technologies can be used by and for people; and to make progress on agreeing a Ministerial Declaration, which aims to unify the criteria for joint work.
In particular, the Agency provided advice on the review of various background papers on Cross-border Flow of Personal Data and Artificial Intelligence, which were prepared by the Saudi delegation and circulated among G20 members as a starting point for discussion.
In addition, the Agency sent its contributions to the Secretariat of Public Innovation on the issues within its competence. It also attended virtual meetings for the drafting of the Ministerial Declaration, emphasizing the importance of respecting personal data protection and privacy.
Advancing the Global Agenda on Data Protection
The Agency participated in a virtual meeting of the Executive Committee of the Global Privacy Assembly (GPA).
The 59th meeting of the Executive Committee of the GPA was held online. The Director of the Agency, Eduardo Bertoni, was present and, together with the other members of the Executive Committee, he examined the progress of different working groups of GPA. The members also approved of the agenda of the Closed Session, which is going to take place in October 2020 through online means.
On the other hand, it was highlighted that although the COVID-19 coronavirus pandemic made impossible to hold the annual conference in Mexico, this did not prevent GPA from advancing its agenda.
Data Protection and Coronavirus
The Agency for Access to Public Information provides guidelines to protect personal data in the context of COVID-19.
The Agency explains that the treatment of health data must be performed with special protection of privacy of individuals, in accordance with Law 25.326 on the Protection of Personal Data.
Furthermore, the Agency highlights some of the fundamental principles of the regulation, in particular referring to personal health data:
- Health data is a category of sensitive data and deserves more rigorous protection (arts. 2 and 7 - Law 25.326).
- The identify of COVID-19 patients may only be disclosed with their consent (art. 5 - Law 25.326).
- Healthcare Institutions and healthcare professionals may process and transfer patient data to each other, as long as they comply with professional secrecy (art. 8, Law 25.326).
- The obligation of professional secrecy will subsist, even after the relationship with the patient has ended (art. 10 - Law 25.326).
- In order to use patient's information for different purposes than medical treatment, it must be required patient´s free and informed consent (art. 4 and art. 5 - Law 25.326).
- The Ministry of Health and provincial ministries are empowered to request, collect, and transfer to each other or process health data without the consent of the patients, in accordance with the explicit and implicit competences conferred by law (art. 5, inc. 2 by art. 11, inc. 3 b - Law 25.326).
Global Recommendations on the Processing of Personal Data
The Global Privacy Assembly published a statement that brings together all the recommendations issued by different authorities on the treatment of personal data against the coronavirus.
The Global Privacy Assembly (GPA) Executive Committee (of which the Agency Director, Ph.D. Eduardo Bertoni is a member) issued guidelines about global regulations on the protection of personal data, in order to collaborate in the challenge of exchange health data in a pandemic context. The website also provides up-to-date information on personal data and health matters.
It stresses that, despite health data being considered sensitive in many jurisdictions, the work between data protection authorities and governments resulted in a national aim towards diffusion of messages about health, the use of technology to enable quick diagnoses and the possibility to ease identification of the spread of the virus.
Argentina and Uruguay published a manual guide “Assessment Evaluation Impact Data”
On the International Day for the Protection of Personal Data and as a result of a joint work, the Agency for Access to Public Information in Argentina and the Regulatory and Control Unit for Personal Data in Uruguay, published a manual containing guidelines on how to assess and prevent -from an early stage- the involved risks in the processing of personal data.
It Consolidates updated legislation and best practices, such as; laws from members of the European Union and the States party to Convention 108 (acceded and ratified by both Argentina and Uruguay).
Privacy and artificial intelligence
The Ibero-American Data Protection Network published two standards documents that constitute a set of guidelines regarding the correct use of personal data in the design and implementation of artificial intelligence (AI).
These documents called "General Recommendations for the Treatment of Data in Artificial Intelligence" and "Specific Guidelines for Compliance with the Principles and Rights Governing the Protection of Personal Data in Artificial Intelligence Projects", were approved within the framework of the XVII Meeting Iberoamerican Data Protection, held in June 2019 in Mexico.
Personal data is used in some Artificial Intelligence systems through the collection, storage, processing or interpretation of enormous amounts of information (big data). Those that are responsible for data processing must ensure for the citizens the exercise of the rights to access, rectify, cancel and oppose to not being subject of automated individual decisions. The right of portability and limitation of the personal data processing should also be ensured.
The Ibero-American Data Protection Network (RIPD) is a forum constituted by several agents, from both the public and private sectors, that develop initiatives and projects related to the protection of personal data in Ibero-America. The Agency integrates the Executive Committee of the RIPD, represented by the director Eduardo Bertoni.