Key Definitions
Personal data

Last reviewed: 29 December 2023

Personal data is defined as information of any kind relating to an identified or identifiable individual or legal entity.

Sensitive/special personal data (including personal data subject to additional protections/restrictions/breach notification obligations)

Last reviewed: 29 December 2023

Sensitive data includes:

☒       personal data revealing racial or ethnic origin
☒       personal data revealing political opinions
☒       personal data revealing religious or philosophical belief
☒       personal data revealing trade / professional union or association membership
☐       genetic data
☐       biometric data for the purpose of uniquely identifying a natural person or biometric templates
☒       data concerning health/medical information
☒       data concerning a natural person's sex life or sexual orientation
☐       financial information
☐       government identity card or number information
☒       personal data regarding an individual's criminal convictions or record
☐       passwords
☒       other

Under DPA Resolution No. 4/2019, biometric data identifying an individual will be considered sensitive data only when it can reveal additional information about the data subject that may result in discrimination against the data subject (e.g., data revealing ethnic origin). The same approach is followed for genetic data (Resolution No. 255/2022).

Controller vs Processor

Last reviewed: 29 December 2023

Do the privacy laws distinguish between controllers/owners and processors/agents? Whereby:

  • The controller/owner is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • The processor/agent is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Answer: Yes

Although not expressly defined as in the GDPR, Personal Data Protection Law No. 25,326 includes articles related to the provision of data processing services and makes a distinction between "one having responsibility of the database" and the "user of the data."