Wednesday, October 05, 2005

Saturday, September 17, 2005 -

Habeas data para acceder a informacion del Gobierno.

Saturday, August 27, 2005

HONDURAS:: Congress ratifies constitutional reform establishing principle of "habeas data" in Honduras

The Honduran legislative chamber has ratified a reform to Article 182 of the Constitution, establishing the principle of "habeas data". The measure was announced in the February 2005 edition of the government gazette.

The change to the Constitution establishes the right of all individuals to access information concerning themselves or their property, whether that information is contained in private or public records.

Only the person to whom the information pertains can submit a habeas data request. The Supreme Court's Constitutional Chamber is tasked with ensuring that the rights to privacy and safeguarding one's honour are not violated.

The legislature first approved changes to the Constitution, establishing the habeas data principle in January 2004. The measure could not take effect, however, until the legislature approved it on second reading, in accordance with the Constitution.

Tuesday, June 14, 2005

Argentine Court rules use of webcam lawful

An Argentine Court of appeals has ruled that the use of CCTV in the entrance of building is lawful under the Data Protection Act (Law 25,326) and that an individual has no right to claim damages for the storage of his image.

The plaintiff, an attorney sued the administration of the building alleging that the security organization in charge of the entrance took a photo of him with a web cam when he was entering the premises. But instead of requesting access or opposing the treatment of his personal data under Law 25,326, the plaintiff initiated a claim for damages based on the right to privacy, the right of image and the Data Protection Act. He argued the lack of express consent for the capture of his image.

The Civil Court of Appeals for the city of Buenos Aires affirmed the dismissal of the first instance court. The Court ruled that the requirement of being photographed to enter the building was not unlawful. The administration of the building has enough powers to impose such a requisite. When someone is entering a building with such a requisite, he is waiving his right to privacy. Such situation neither involves the right of publicity (article 31 Law 11,723) because the image was not used in commerce.

Finally, the court said that the Data Protection Act does not applied to this case because the image of a person is not mentioned as personal data under the Data Protection Act, and because the database was not a "register whose purpose was to provide reports" in the sense of Article 1 of the Data Protection Act.

Saturday, June 11, 2005

Monday, April 25, 2005

Data Traffic law in Argentina

The Argentina Government has suspended the application of the data retention law and it regulation.

See Decree 357/2005.-

The following week a judge declared unconstitutional the Data Traffic law in Argentina based on the privacy safeguards of the Constitution . The decision is available at


Tuesday, April 19, 2005

Data Traffic law in Argentina

I was interviewed last week about the controversy surrounding the data trafic law (law 25.873) in Argentina. There is a strong pressure from ISP and public opinion against the measure of the government to collect data for ten years.

See interview at

Saturday, March 19, 2005

Data Protection

1984 by Orwell

... Tragedy, he perceived, belonged to the ancient time, to a time when there was still privacy, love, and friendship, and when the members of a family stood by one another without needing to know the reason.

.... Privacy, he said, was a very valuable thing. Everyone wanted a place where they could be alone occasionally. And when they had such a place, it was only common courtesy in anyone else who knew of it to keep his knowledge to himself.

Monday, March 07, 2005


New Fair Credit Protection Bill in Brazil proposes to regulate credit reposrts (nteprojeto de lei sobre bancos de dados de proteção ao

See consulta_bancodedados

Friday, February 25, 2005



ChoicePoint has announced plans to re-screen 17,000 business customers to make sure they are legitimate. The company has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit monitoring service for each of the 144,778 people that may have been affected by the recent data breach.


Thursday, February 24, 2005


A California woman has sued ChoicePoint Inc. for fraud andnegligence after criminals gained access to a database ofpersonal records compiled by the company. The suit, which seeks class-action status, claims that for at least fivemonths the company failed to adequately protect people'sfinancial records and confidential information. The company also have problems in the past in Latin America for the sale of personal data to the US Govt.

The New York Times, meanwhile, discusses the ChoicePoint case and theproblems with the current law.

See more info at

Friday, February 18, 2005

Data Protection -Argentina - Registry

The Data Protection Agency of Argentina has enacted Disposition 2/2005 (Of. Journal Feb. 18, 2005). The disposition creates the registry of private databases. In 90 days all databases containing personal information from companies will have to register in the data protection agency. Penalties from failing to register ranges from $ 1000 to $ 50.000 (around U$S 13.000).

Full text of the decision follows:

del 14/2/2005; publ.18/2/2005
VISTO el Expediente MJyDH Nº 143.996/04 y las competencias atribuidas a esta DIRECCION NACIONAL DE PROTECCION DE DATOS PERSONALES por la Ley Nº 25.326 y su Decreto Reglamentario Nº 1558 del 29 de noviembre de 2001 y
Que entre las funciones asignadas a la DIRECCION NACIONAL DE PROTECCION DE DATOS PERSONALES se encuentra la habilitación de un registro de archivos, registros, bases o bancos de datos alcanzados por la ley citada en el Visto.
Que mediante la Disposición DNPDP Nº 2 del 20 de noviembre de 2003 se dispuso la habilitación del REGISTRO NACIONAL DE BASES DATOS y se aprobaron sus bases técnico jurídicas.
Que como etapa previa a su implementación se dispuso la realización del PRIMER CENSO NACIONAL DE ARCHIVOS, REGISTROS, BASES O BANCOS DE DATOS PRIVADOS, con el objeto de cuantificar el universo de las bases de datos reguladas por la Ley de Protección de Datos Personales, y conocer la composición cualitativa y sectorial de los actores que desarrollan el tratamiento de datos personales.
Que la información allí recolectada ha sido apreciada para desarrollar la mejor implementación del registro de referencia.
Que en consecuencia, habiéndose reunido las condiciones técnicas y jurídicas necesarias, corresponde disponer la implementación del REGISTRO NACIONAL DE BASES DE DATOS.
Que razones de racionamiento de la actividad administrativa y de los recursos disponibles hacen aconsejable poner en marcha en una primera etapa la inscripción en el Registro Nacional de las bases de datos del sector privado, quedando la inscripción de las bases de datos del sector público para una segunda etapa, cuyo desarrollo ya se encuentra en ejecución.
Que en ese sentido corresponde disponer la inscripción obligatoria de los archivos, registros, bases o bancos de datos dentro de un plazo razonable que se estima conveniente fijar en seis meses desde la fecha de implementación del Registro dispuesta por la presente.
Que asimismo es menester aprobar el formulario mediante el cual se hará efectiva la inscripción al aludido Registro Nacional, su correspondiente instructivo y el respectivo procedimiento técnico registral para la inscripción en el REGISTRO NACIONAL DE BASES DE DATOS.
Que habida cuenta de la complejidad técnica de los sistemas informáticos aplicados al REGISTRO NACIONAL DE BASES DE DATOS y el mantenimiento de su estructura informática operativa, el MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS deberá oportunamente determinar el valor de los formularios a utilizar para la registración, así como el de todos aquellos procedimientos relacionados.
Que a fin de mantener actualizada la nómina de inscriptos al REGISTRO NACIONAL DE BASES DE DATOS resulta indispensable establecer un límite temporal a la validez de la misma.
Que la presente medida se dicta en uso de las facultades conferidas por el artículo 29, inciso 1, apartado b) y c) de la Ley Nº 21.326 y el artículo 29, inciso 5, apartado d) del Anexo I del Decreto Nº 1558 del 29 de noviembre de 2001.
Por ello,
Art. 1. — Impleméntese a partir de los NOVENTA (90) días corridos de la fecha de publicación en el Boletín Oficial de la presente medida el REGISTRO NACIONAL DE BASES DE DATOS alcanzadas por la Ley Nº 25.326.
Art. 2. — Establécese que a partir de la fecha aludida en el artículo anterior, deberán inscribirse en el REGISTRO NACIONAL DE BASES DE DATOS los archivos, registros, bases y bancos de datos privados.
Art. 3. — Establécese que para la inscripción de los archivos, registros, bases o bancos de datos privados existentes con anterioridad a la implementación del REGISTRO NACIONAL DE BASES DE DATOS, el plazo para inscribirse vencerá a los CIENTO OCHENTA (180) días corridos de dicha implementación. Los archivos, registros, bases o bancos de datos privados que se conformen con posteridad a la implementación del REGISTRO NACIONAL DE BASES DE DATOS, deberán inscribirse con carácter previo a su puesta en marcha.
Art. 4. — Establécese que los archivos, registros, bases o bancos de datos privados deberán inscribirse en el aludido Registro Nacional utilizando el Formulario FA.01 de Inscripción de Archivos, Registros, Bases o Bancos de Datos Privados que como Anexo I forma parte integrante del presente acto y de acuerdo al Instructivo que como Anexo II también forma parte de la presente medida.
Art. 5. — Apruébese el Procedimiento de Inscripción, Modificación y Baja en el REGISTRO NACIONAL DE BASES DE DATOS, que como Anexo III forma parte integrante de esta Disposición.
Art. 6. — El valor del Formulario FA.01 de Inscripción será determinado por el MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS. Para su pago se expedirá la correspondiente boleta, la que deberá ser cancelada por los medios que al efecto se establezcan.
Art. 7. — La inscripción en el REGISTRO NACIONAL DE BASES DE DATOS tendrá validez anual. Dentro del plazo de CUARENTA Y CINCO (45) días corridos anteriores a la fecha de vencimiento de dicha inscripción, deberá solicitarse su renovación, completando el formulario correspondiente.
Art. 8. — El MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS determinará el valor de los formularios a utilizar para los distintos trámites a efectuar ante la DIRECCION NACIONAL DE PROTECCION DE DATOS PERSONALES que no se encuentren relacionados con el Formulario FA.01 de Inscripción. El respectivo trámite deberá iniciarse ante la DIRECCION NACIONAL DE PROTECCION DE DATOS PERSONALES, previo pago del valor del formulario que, en cada caso, corresponda.
Art. 9. — Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

For more information contact:

San Martin 323, piso 17 - Buenos Aires - C1004AAG
Tel: (5411) 4114-5525 / Fax: (5411) 4114-5555
e-mail: p.palazzi AT

Saturday, February 05, 2005

DRM & Privacy

The European Commission's Art. 29 Data Protection Working Party has issued a working document on data protection issues related to IP rights. The WP 104 expresses concern over the privacy implications of DRM, noting that there is growing "an increasing gap between the protection of individuals in the off-line and on-line worlds, especially considering the generalised tracing and profiling of individuals".-
See report at

For more on this see Julie E. Cohen´s excellent article at BTLJ.-

Pablo Palazzi

Thursday, February 03, 2005


Interesting book on Human Rights in the Digital Age (

Wednesday, January 26, 2005

Costa Rica

Costa Rica may have a data protection law this year. Data PRotection Bill no. 15.178 has been introduced in the extraordinary session of the Legislative Power. And it is backed up by the Presidency.

Tuesday, January 25, 2005


The Congress of Venezuela (Asamblea Nacional de Venezuela) has decided to take out of its legislative agenda the Data Protection Bill. This decision is based on considering that the Bill may have been pushed by some interest from the private sector.

Thursday, January 13, 2005

Data Traffic law & Privacy

ISPs in Argentina has launched a lawsuit against the Argentine Government Regulation no. 1563/04 which requires them to bear the cost of "data traffic" information requested by judges prosecutors and the SIDE office.

The lawsuit was initiated by CABASE (trade association of telecom companies) arguing that the regulation violates the right of property of the ISPs companies and the right of privacy of their clients. The lawsuit is based on an aricle I wrote last year and that was published in Lexis Nexis.

See text of the complaint at

Pablo A. Palazzi
San Martin 323, piso 17 - Buenos Aires - C1004AAG
Tel: (5411) 4114-5525 / Fax: (5411) 4114-5555
e-mail: p.palazzi AT

Thursday, January 06, 2005

Data Protection & credit cards

A decision of the Administrative Court of Appeals of the City of Buenos Aires (dated December 2, 2004) held that a bank violated the data protection act of Argentina when it filed with its appeal brief a copy of the client´s credit card statement. The judges held that the information contained in the credit card was personal data in the terms of the Data Protection Law and it required the consent of the client to introduce it in a public record.

The case is "CITIBANK N.A. c/ G.C.B.A" (Cámara de Apelaciones en lo Contencioso Administrativo y Tributario de la Ciudad Autónoma de Buenos Aires, Sala I, December 2, 2004).-

Pablo Palazzi

Tel: (5411) 4114-5525 / Fax: (5411) 4114-5555
e-mail: p.palazzi AT