Last reviewed: 2 December 2024

Personal data is defined as information of any kind relating to an identified or identifiable individual or legal entity.

Last reviewed: 2 December 2024

Sensitive data includes:

☒       personal data revealing racial or ethnic origin
☒       personal data revealing political opinions
☒       personal data revealing religious or philosophical belief
☒       personal data revealing trade / professional union or association membership
☒       data concerning health/medical information
☒       data concerning a natural person's sex life or sexual orientation
☒       personal data regarding an individual's criminal convictions or record
☒       other

Under DPA Resolution No. 4/2019, biometric data identifying an individual will be considered sensitive data only when it can reveal additional information on the data subject that may result in the discrimination of the data subject (e.g., data revealing ethnic origin). The same approach is followed for genetic data (Resolution No. 255/2022).

Last reviewed: 2 December 2024

Do the privacy laws distinguish between controllers/owners and processors/agents? Whereby:

• The controller/owner is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
• The processor/agent is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Yes

Although not expressly defined as in the GDPR, Personal Data Protection Law No. 25,326 includes provisions related to data processing services and distinguishes between "one having responsibility of the database" and the "user of the data."