ARGENTINA Law and Practice Contributed by: Santiago J. Mora, Nicolas Garfunkel, Milagros Caneda and May Steward, GPG Advisory Partners
Regulation of Cybersecurity There is no uniform set of rules regarding cyber - security. Responsibility (including the indemnifi - cation regime) arising from the loss of information by fintech companies is governed, in principle, by the CCC, the CPL and the PDPL. Resolution 47/18 issued by the AAIP sets forth a series of recommended security measures aimed at facili - tating compliance with the PDPL, including mat - ters related to the collection of personal data, access control, control of changes, back-up and recovery, vulnerability management, information destruction, security incidents and development environments. Likewise, among other specific rules, the BCRA has established cybersecurity standards for banks and PSPs and the CNV has submitted similar standards for PSAVs to public consulta - tion. Regulation of Software Development Software development is generally regulated by the CCC and the IPL. 2.12 Review of Industry Participants by Parties Other than Regulators In addition to regulators, there are other relevant players actively involved in the sector. The most important fintech companies are grouped in the Argentine Fintech Chamber, and different bank associations represent the interests of financial institutions. There are also important organisa - tions that promote the use of blockchain tech - nology in its various forms. 2.13 Conjunction of Unregulated and Regulated Products and Services In Argentina, there are several cases of industry participants offering unregulated products and services in conjunction with regulated products and services.
Additionally, if the investigation reveals the com - mission of crimes, the authorities may initiate the corresponding criminal actions. 2.11 Implications of Additional, Non- Financial Services Regulations The CCC As mentioned in 2.2 Regulatory Regime , all fin - tech businesses fall under the provisions of the CCC, based on the similarities of their opera - tions with nominated businesses provided for in the CCC. In addition, the general rules applica - ble to contracts and obligations under the CCC include the following topics: • liability regime (Section 1708 et seq); • accountability regime ( rendición de cuentas ) (Section 858 et seq); • the principle of good faith (Section 961); and • standard-form contracts (Section 984 et seq). The DSL The DSL also applies since this regulation incor - porates the concepts of digital documents, elec - tronic signatures and digital signatures into the Argentine legal framework and establishes the terms of equivalence between these new con - cepts and the concepts of material documents and handwritten signatures. The PDPL The PDPL establishes several rights that com - panies must recognise regarding personal data holders. It also limits the way data can be col - lected and processed and mandates specific actions that companies must take before the competent authority. The CPL B2C business is subject to the CPL, which is designed to protect consumers as the weaker party in contractual relationships.
19
CHAMBERS.COM
Powered by FlippingBook