Basic concepts

The definitions contained in Article 2 of the bill are presented below:

  • Agency: The Personal Data Protection Agency.
  • Anonymization: Irreversible procedure through which a personal data cannot afterwards be linked or associated to a given individual, and neither enable identifying the latter, because the connection with the information that links to, associates with, or identifies, said individual has been destroyed or deleted. An anonymised data stops being a personal data.
  • Blocking of data: The temporary suspension of any processing operation of the data stored.
  • Consent: Any and all statement of free, specific, unequivocal, and informed willingness, granted via a statement or clear affirmative action, through which data subjects, their legal representatives or agents, as applicable, authorise the processing of the personal data concerning them.
  • Communication of personal data: To howsoever disclose, by action of the party responsible of the data, personal data to persons other than the data subject to whom the data concern, without actually transferring them.
  • Data deletion or cancellation: The destruction of the data stored in records or databases, howsoever done.
  • Data storage: The preservation or custody of data in a registry or database.
  • Data subject: Individual, whether identified or identifiable, to whom the personal data concern or refer.
  • Data processing: Any operation or set of operations or technical procedures, whether or not of an automated nature, that howsoever enable the collection, processing, storage, communication, transfer, or usage of personal data or sets of personal data.
  • Outdated data: The one that has lost current validity on account of a law, the compliance of a given requisite, or the expiry of the term stated for its good standing or, were there no stated rule, due to a change in the events or circumstances it records.
  • National Registry of Penalties and Compliance: A national public registry managed by the Agency, which records the certified prevention models; parties responsible for that data that adopt them, and the penalties applied to any parties responsible for data that have breached the law.
  • Party responsible for data or data controller:Any individual or body corporate from the public or private sector, which decides the purposes of, and means for, the processing of personal data, regardless of whether the data are processed by such person or through a third party agent or processor.
  • Personal data: Any information linked or referring to an identified or identifiable individual. A person shall be identifiable if his/her/their identity can be directly or indirectly determined, particularly through one or more identifiers, such as the name, personal ID document number, and the analysis of elements typical of physical, physiological, genetic, mental, economic, cultural, or social identity of said person.
  • Personal database: The organised set of personal data, whatsoever its purpose, manner, or modality of creation, storage, organization, and access, which enables associating data and processing it.
  • Public access sources: All those databases, or sets of personal data, which access or query may be lawfully done by anybody, such as the Official Gazette, the media, or public records provided by law. The processing of personal data stemming from public access sources shall be subjected to the provisions herein.
  • Profiling: Any and all forms of automated processing of personal data that consists in using those data to assess, analyse, or forecast aspects in connection with professional performance, financial status, health state, personal preferences, interests, trustworthiness, behaviour, location, or movements of an individual.
  • Pseudonymization: Personal data processing carried out in such a way as to afterwards no longer being attributable to a data subject without turning to additional information, provided that additional information is kept apart and is subject to technical and organizational measures aimed at ensuring the personal data are not attributed to an identified or identifiable individual.
  • Right to access: The right of a data subject to request and obtain, from the party responsible, a confirmation on whether his/her/their personal data are being processed by it, access them if so, and access, too, the information consecrated herein.
  • Right to delete: The right of a data subject to request and obtain from the party responsible, the deletion or elimination of his/her/their personal data, pursuant to the causes set forth by law to such ends.
  • Right to oppose: The right of a data subject to request and obtain from the party responsible, that his/her/their data not be subjected to a specific processing, pursuant to the causes set forth by law to such ends.
  • Right to portability of personal data: The right of a data subject to request and obtain from the party responsible, a copy of his/her/their personal data in a structured, generic, and commonly used electronic format operational in various systems, and which allows for their communication or transfer to another party responsible for data.

    The data subject shall be entitled to have his/her/their personal data directly transferred from one party responsible to another whenever the foregoing is technically feasible.
  • Right to rectify: The right of a data subject to request and obtain from the party responsible,  that his/her/their personal data be amended or completed, whenever they are being processed by that party responsible and they are inaccurate, dated, or incomplete.
  • Statistical data: Data that, in its origin, or as a consequence of its processing, cannot be associated to an identified or identifiable subject.
  • Sensitive personal data: Personal data that refers to the physical or moral characteristics of individuals, or to events or circumstances of their private life or privacy, such as those that reveal an ethnic or racial origin, a political, union, or trade group affiliation, socioeconomic status, ideology or philosophical beliefs, religious beliefs, the human biological profile, biometric data, and the information regarding the sexual life, sexual orientation, and gender identity of an individual.
  • State instrumentalities: The authorities, State agencies, and institutions described and regulated by the Political Constitution of the Republic, and those covered in the first paragraph of law No. 18,575, Organic Constitutional Law for the General Terms of the State Administration.
  • Transfer of personal data: The conveyance of personal data by one party responsible to another party responsible for data.
  • Third party agent or processor: The individual or body corporate that processes personal data on behalf of the party responsible for data.
error: Content is protected !!