The Argentinian Data Protection Authority has approved Data Protection Standards for Ibero-American States. The Standards seek to address the lack of harmonization in Ibero-American states regarding data protection by issuing a series of principles and common rights to serve as a framework for the adoption and development of legislation in the region. The Standards provide definitions of anonymization, consent, personal data, sensitive personal data, data controller, data processor, and data processing. They also call for mandatory data breach notification requirements, subject to certain exemptions, and set out the conditions for such notification. In addition, the Standards set out criteria for obtaining consent, require controllers to implement adequate security measures, recognize data subjects’ right to data portability, and establish general rules for international data transfers.
