Blog del Foro de Habeas Data

News about data protection in Latin America

First Semester - January-July 2006
By Pablo Palazzi

1) Citibank case
The case arose when Citibank sent a letter to all their customers in Argentina informing them of its new privacy policy. The letter also provided a ten-day period to opt out from the sharing of the client's personal information. A disgruntled client sued the bank seeking the confidentiality of his personal data. Judgement was rendered in his favour.

The court held that it was not sufficient for the bank to simply let customers opt out of having their personal data used for purposes other than those relating to their banking service. The Court of Appeals also shared the view exposed by the advocate general at the commercial court of appeals who held that the use of that personal information for marketing purposes amounted to an infringement of the purpose limitation principle of the data protection act (this is the first case enforcing this principle in Argentina).

Copy of the decision in the Citibank case and some comments

2) First Spam case in Argentina
On April 7, 2006 a federal judge from the City of Buenos Aires (Argentina) issued the first decision in a spam case. Plaintiffs Gustavo Tanus and Pablo Palazzi sued a an spammer under the new data protection law of Argentina.
In their complaint the two plaintiffs argued that section 27 of the 2000 Argentine Data Protection Law gives them a right to opt out, which the spammer did not comply with when they asked to be removed from the database (They demanded that their email be deleted from the database).

In November 2003, the judge issued an injunction, declaring that during the process the defendant should refrain from sending plaintiffs additional e-mails. The injunction also forbids the transfer of the plaintiffs emails to third parties. His decision was based on the data protection law (section 1, 2, 5, 11 and 27).

This month the judge issued the final decision, ordering defendants to stop any treatment of personal data of the plaintiffs and delete their personal information. The decision asserted that the sending of spam infringed the plaintiff´s privacy and data protection rights.

The decision is now available at this web site

In addition, in the year 2005 the DPA enacted a new Regulation related to sanctions and infringements. One of the specific conducts targeted by these Regulation consist in sending spam after the marketer has received an opt out request (see http://www.habeasdata.org/sanciones).

Last year, the DPA fined Telefonica Argentina SA with $ 45.000 fine (aprox. u$s 15.000) for failure to honour opt out request of marketing calls of their clients. See Telefonica Resolution of the DPA

3) New telemarketing rules for the City of Buenos Aires

The City of Buenos Aires enacted a few weeks ago a law creating a do not call list for telemarketing in the City of Buenos Aires which is going to enforced by the consumer protection agency of the City. The City´s consumer protection agency shall be in charge also of administering the registry. The law num. 2014 was published in the Official Journal. A text of the Bill is available here.

See my comments in Spanish.

Pablo A. Palazzi