Articles 18 and 19 of the Argentine Constitution provide (in part), "The home is inviolable as is personal correspondence and private papers; the law will determine what cases and what justifications may be relevant to their search or confiscation. The private actions of men that in no way offend order nor public morals, nor prejudice a third party, are reserved only to God's judgment, and are free from judicial authority. No inhabitant of the Nation will be obligated to do that which is not required by law, nor be deprived of what is not prohibited." Article 43, enacted in 1994, provides a right of "habeas data"[537]: "Every person may file an action to obtain knowledge of the content and purpose of all the data pertaining to him or her contained in public records or databanks, or in private ones whose purpose is to provide reports; and in the case of falsehood of information or its use for discriminatory purposes, a person will be able to demand the deletion, correction, confidentiality or update of the data contained in the above records. The secrecy of journalistic information sources may not be affected."[538] Habeas data is also included in the constitutions of many provinces of Argentina. Several cases of habeas data have dealt with correction of commercial information.
In 1999, the Supreme Court of Argentina ruled in two important cases on the scope of habeas data. The leading case is Urteaga v. Estado Nacional.[539] There, the Supreme Court allowed an individual access to personal information about his brother, who had disappeared during the military government, presumably in an armed conflict.[540] The lower courts dismissed the action of habeas data for lack of standing. The Court of Appeals reasoned that habeas data grants access only to personal information, and the claimant was trying to access data related to a third person. However, the Supreme Court reversed the ruling. The core of the judgment indicated an expanding approach to the interpretation of habeas data, granting a wide right of access to personal information. The other case is Ganora v. Estado Nacional,[541] where the Supreme Court of Argentina established that habeas data can be used against any kind of public database. The claim was initiated by two lawyers who were defending Adolfo Scilingo, an ex-navy official who confessed his participation in crimes during the military regime. Arguing investigation and surveillance from the Government, the lawyers requested access to data in official databases about them. The district court judge and the Court of Appeals refused access, even without hearing the government's arguments based on a national security exception. The Supreme Court of Argentina restated its holding in Urteaga and the need to interpret habeas data in light of the international and foreign legislation. They cited the European Human Rights case Leander[542] and also made a reference to Nixon v. United States,[543] where the United States Supreme Court rejected the arguments of President Nixon, who alleged a confidential privilege over information. Finally they concluded that habeas data allowed access to government databases, and that an exception based on public interest should be subject to judicial review. This case shows the expanding interpretation of habeas data by the Supreme Court of Argentina.
In November 2000, Argentina passed the Law for the Protection of Personal Data (LPPD).[544] It is in conformance with Article 43 of the Constitution and based on the European Union Data Protection Directive and the Spanish Data Protection Act of 1992. It contains provisions relating to general data protection principles, the rights of data subjects, the obligations of data controllers and data users, the supervisory authority, sanctions, and rules of procedure in seeking habeas data as a judicial remedy. Habeas data is a special, simplified and quick judicial remedy for the protection of personal data. International transfer of personal information is prohibited to countries without adequate protection.
The European Union decided that Argentina could be considered as providing an adequate level of protection for personal data meeting the requirements of the EU Data Protection Directive.[545] The adequacy finding implies that all transborder data flows between Argentina and the European Union are presumptively considered in compliance with the EU Directive. Argentina is the first country in Latin America to obtain such adequacy approval.
In addition to the LPPD, data protection provisions are also contained in several legal instruments regulating different sectors, such as credit card transactions, statistics, banking or health. On November 2001 the Government enacted the Regulation of the Privacy Law,[546] which lays down rules for the enactment of the Act, supplements its provisions, and clarifies diverging interpretations of the LPPD. Argentine data protection rules cover the protection of personal data recorded in data files, registers, databanks or other technical means, which are public; and the protection of personal data recorded in data files, registers, databanks or other technical means which are private, whose purpose is to provide reports. This includes those which purpose is more than exclusively personal, and those that are intended for the assignment or transfer of personal data. Collection of sensitive data is given additional protections and is prohibited unless authorized by law.[547]
The LPPD has established a data protection authority within the Ministry of Justice - the National Directorate for the Protection of Personal Data that is charged with taking actions necessary to comply with the Act and endowed with powers of investigation and intervention (e.g., through sanctions of an administrative and a criminal nature). At the end of June 2003, the data protection authority issued it first disposition (see disposition 1/2003, that provides for administrative sanctions for breach of the law. The fines range from ARS1,000 to 100,000 (between USD365 and 36,400).
Meanwhile, courts have started to interpret the LPPD. A civil court held in the year 2000 that information about marriage is not within the kind of personal data requiring consent from the data subject. The Commercial Court of Appeals ruled in March 2002 that the term "private databases whose purpose is to provide reports" encompasses all kind of databanks, including banks and financial companies, even if their database was not intended initially to provide reports,[548] and also that the data protection law applies to bank and financial entities in general.[549] Also, courts are applying the prohibition to provide information about credit card transactions and correcting information that is not kept up to date. In an interesting case that applied the data protection act, another trial Court ordered Equifax/Veraz to provide personal data without any kind of codification and in an intelligible way.
The LPPD was also applied to a case of surveillance by the Federal Police of a political party. The president of this political party, Gustavo Beliz, sued the police under the data protection law and habeas data clause of the Constitution requesting all the information that the police have obtained from his party. The Administrative Court of Appeals held that the plaintiff had the right to access the personal information that the police have collected about him without any suspicions of criminal activity. It also held unconstitutional the secret regulation opposed by the defendant for the collection of this data. Finally, in February 2002, a leading case was decided by the Civil Court of Appeals of Buenos Aires. The Court held that companies trading personal information are to be held strictly liable for damages produced by them.
On May 2003, government documents obtained by the Electronic Privacy Information Center revealed that ChoicePoint, a United States company, had entered into a contract with the United States Government to provide international data from public registries obtained from Argentina, Brazil, Colombia, Costa Rica and Mexico. The transfer of personal information abroad is a matter of much concern for the governments of those countries, as these countries have strict data protection laws (e.g., Argentina) or are about to be enact data protection bills (e.g., Colombia, Costa Rica and Mexico). The Argentine data protection authority launched a criminal investigation and the Prosecutor has asked for evidency measures.
The Civil Code prohibits "that which arbitrarily interferes in another person's life: publishing photos, divulging correspondence, mortifying another's customs or sentiments or disturbing his privacy by whatever means."[550] This article has been applied widely to protect the privacy of the home, private letters and several situations involving intrusive telephone calls, and neighbor's intrusions into one's private life. This provision has been applied widely to private and public plaintiffs.
In 1998, the Argentine Congress enacted the Credit Card Act.[551] The object of this bill is to regulate credit card contracts between consumers and financial institutions and specifically the interest rates that banks charge to consumer credit cards. Article 53 restricts the possibility of transferring information from banks or credit card companies to credit reporting agencies.[552] There is also a specific right of access to personal data of a financial character. The Central Bank of Argentina, whose jurisdiction includes the overview of the monetary policy in the Argentine financial market, has authority to regulate banks. Under that authority it created a public debtor's database,[553] requiring financial entities and banks to collect and classify debtors within a range of risk and to send the information to the database. Under Article 8.1 of the regulation[554] the data subject (a client of a bank) has a right of access to his information and to know the reason why he or she was included in the database.[555]
Under the Criminal Code the illegal sale of personal data and data trafficking over the Internet may be prosecuted. The Attorney General and the Ministry of Justice, are currently drafting a bill to specifically deal with computer crimes. The bill will prohibit violation of privacy by any means and illegal access to computer systems and networks. Government is pursuing the enactment of this bill due to a recent case of hacking of the web site of the Supreme Court. The federal judge investigating the case concluded that the 1921 Criminal Code had no crimes related to computer damage or illegal access. After this decision, the Supreme Court asked the Ministry of Justice to draft a bill to cover this new kind of crimes.
Under the Code of Penal Procedure, "A judge may arrange, for the purposes of building a case, the intervention of telephone communications or whatever other means of communication." The Penal Code provides penalties for publishing private communications.[556] The National Defense Law prohibits domestic surveillance by military personnel.
In April 1999, the Criminal Court of Appeals in Buenos Aires recognized a right to privacy in electronic mail communications applying a section of the Penal Code related to the protection of secrets. Although the criminal provision was drafted in 1921, the Court had an open approach to the interpretation of the statute.[557] Under this case, data such as stored files and e-mail is not to be examined by anyone else without the user's permission.
In 1995, the United Nations Human Rights Committee expressed concern that the judicial authorization for wiretaps was too broad.[558] In December 2001, a new Intelligence law was enacted with implementing regulations to be issued 180 days later. The law provides for legislative oversight of government intelligence activities. It also prohibits the unauthorized interception of telephone, postal, facsimile, and other communications and private documents. The Penal Code, dating from 1921, did not previously punish wiretapping. There have been numerous scandals relating to unauthorized wiretapping over the years and several cases of wiretapping were dismissed because of the lack of a criminal statute.
In 1996, the national government began a new crackdown on tax evaders. Measures included reviewing citizens' credit cards, insurance, and tax records. One bill allowed citizens whose credit card records had been obtained to sue for invasion of privacy.[559] The same year, the Argentina Passport and Federal Police Identification System, developed by Raytheon E-Systems, was inaugurated at the Buenos Aires airport. The system combines personal data, color photos and fingerprints.[560]
In 2003, two labor courts issued decisions on workplace privacy. In the first case,[561] an employee was fired because he was using computer resources for his personal use. Because the computer was shared with other employees, there was only one Internet connection on the office premises, and there was no privacy policy in place, the court ruled that the employee had not used the computer resources in an inappropriate manner, and that he had no expectation of privacy in its use. In another case, an employee was dismissed for distributing e-mail with obscene contents to her co-workers.[562]
On July 13, 2003, one of the most important Argentinean newspapers, Diario Clarin, reported that the government was planning to gather in a database all the information available in several public databases of the administration. At the same time the government was planning to issue new and enhanced IDs for all citizens and homologue the database with the Federal Bureau of Investigation.[563] The government is also planning to sell commercial information like a credit bureau to individuals and companies. The proposal, still in its early stages, was criticized by the privacy community although no opposition came from the data protection authority.
In November 1998, the City of Buenos Aires approved a law on access to information. The law gives all persons the right to ask for and to receive information held by the local authorities and creates a right of judicial review. Individuals have the right under habeas data to update, rectify, maintain the confidentiality of, or suppress their information.[564] But critics say that government agencies jealously keep public records and that it is very difficult to obtain information.[565]
In 1984, Argentina adopted the American Convention on Human Rights into domestic law. The Convention was incorporated into the Constitution in 1994 and has since been used by the Argentine Supreme Court to determine domestic cases.[566] In a recent case the Court decided that a famous sportsman had the right to forbid the media to broadcast the existence of a lawsuit related to his natural child base under the right to privacy provided in the American Convention on Human Rights and section 19 of the Federal Constitution.[567] In September 2001, the Court ruled that a weekly news magazine had violated the privacy of former president Carlos Menem when it reported, in 1994 and 1995, that he had used his office to advance the career of Congresswoman with whom he was having an affair.[568]