Since the beginning of the COVID-19 pandemic, the Argentine Data Protection Authority has issued several recommendations and regulations, particularly focused on how the COVID-19 affects the personal data protection field.
In relation to this, the Argentine Data Protection Authority has expressed on several occasions that Argentine law considers health-related information to be sensitive data, so special care should be taken when monitoring and collecting such information.
Recently, the Argentine Data Protection Authority published a document with guidelines referred to the use of personal data in cases of individuals vaccinated against COVID-19.
These guidelines are useful from the perspective of Data Privacy and for the access to public information.
The Data Protection Authority considered three possible scenarios for the guidelines:
Personal data for general vaccination
The Data Protection Authority considers that the personal data of individuals vaccinated against COVID-19 can be published but only in a disassociated way. This, so that the person cannot be identified.
Name, ID, and Tax ID are considered by the authority as personal data that cannot be published.
This information can be published only if the vaccinated individual expressly gives his/her consent in a free and informed way in accordance with Section 5 of Law No. 25,326.
Government officials and public employees
The Data Protection Authority resolved that information related to the vaccination of government officials or public employees must be considered as public information. This, based on Decree No. 2016/2017, Resolution No.48/2018 and international case law which considers that:
- Government officials and public employees have less expectation of privacy than others.
- The purchase of the vaccines was done with public funds.
- The citizenship must be allowed to control who is considered “strategic personal” to be vaccinated.
It is worth mentioning that for the Data Protection Authority, the data protection regulation for sensitive data is not applicable as government officials and public employees have access to vaccination as “strategic personal” and not for medical reasons.
Individuals that had access to vaccination against COVID-19 outside the official plan and stages.
The Data Protection Authority considered that the public interest to know who had access to vaccination –in an unlawful way- is greater than the potential individual damage that the individual involved may have.
Particularly, the Data Protection Authority considered the fact that vaccine is in short supply and there is a lack of foresight regarding the arrival of new doses.