The processing of any personal data may impose obligations to the individuals the data is related to, the data subjects. Some jurisdictions only recognize processing personal data as lawful if the data subject has provided express consent. Other jurisdictions require a legal obligation to process the data, and may not require consent. The processing of HR personal data has raised questions and court decisions in a few countries, and interpretations may vary based on data privacy and labor law requirements.
Free, express and informed consent is generally required prior to processing an individual’s personal data in Argentina. The consent must be given in writing or via another means that allows it to be “equated” depending on the circumstances (Protection of Personal Data Law, 2000, No. 25326, Art. 5). Consent of the individual is also generally required to transfer personal data.
Consent to collect, process and transfer personal information is not required in certain circumstances. The circumstances that are most likely to apply to employers include when:
In addition to the above, employers do not need to obtain consent from the individual to transfer personal data, when (Art. 11):
When personal data is collected, employees (and other data owners) should be clearly and expressly informed by the employer in advance of:
The above information must be displayed in a visible place so that employees (and any other data owners) are aware of their rights prior to any data collection (AAIP Resolution 14/2018). This can be done through an online notification.
Under the Protection of Personal Data Law, there are additional restriction relating to processing and collecting sensitive personal data. Sensitive personal data includes data that reveals: racial and ethnic origin; political opinions; religious, philosophical or moral convictions; union affiliation; or, information regarding health or sexual life.
Individuals cannot be forced to provide sensitive data, and this data can only be collected and processed when there are reasons of general interest authorized by law. Sensitive data can also be processed for statistical or scientific purposes when the owners of the data cannot be identified (ex., such as when sensitive data has been anonymized). In addition, forming files, banks or registers that store information that reveals sensitive data (directly or indirectly) is generally not permitted. Data relating to criminal or infringement records can only be processed as legally permitted by the relevant public authorities.