This week, the Federal Administrative Litigation Chamber ruled that the Executive Branch must delete the CUID.AR application database used during the pandemic since 2020. This database was used to manage the health pass, circulate and manage data on vaccination and COVID-19 testing. However, the Government of Alberto Fernández had issued an administrative decision that allowed the transfer, assignment, or exchange of citizen data among different organizations, ultimately reaching the Head of the Cabinet of Ministers. This raised concerns about privacy and the potential for data leaks.
Personal data is a valuable asset that can be exploited for various cybercrimes, such as identity theft and social engineering. In May 2023, the Argentine Computer Law Observatory (ODIA) and a citizen named Eliana Andrade filed a lawsuit demanding the deletion of the data collected by the CUID.AR app, which still remains stored and accessible today. The app stored sensitive information like full names, ID numbers, addresses, circulation permits, and vaccination certificates.
There have been numerous data leaks in recent years in Argentina, such as those involving Renaper, PAMI, and the Ministry of Health. Last Monday, Chamber IV of the Chamber accepted the collective protection lawsuit, indicating that the app’s database was meant for health emergency purposes only and that data sharing was done without users’ consent. Despite canceling the records in March last year, no measures were taken to delete the stored data.
The ruling by the Federal Chamber marks a significant step towards protecting citizens’ privacy rights and ensuring the deletion of unnecessary data. However, there are practical challenges in completely erasing information, especially in a digital world where data is continuously stored and transferred. The lack of a National Cybersecurity Agency in Argentina adds to the complexity of data protection measures.
In conclusion, the fight for data privacy continues in Argentina, with the Supreme Court being the last resort for the Executive Branch to file an appeal against the deletion of the CUID.AR app database. Whether or not the data is already in the wrong hands remains a concerning issue that highlights the importance of cybersecurity measures and data protection frameworks in the country.