ADC's New Argentina Report Flags How ISPs Can Do More for Users’ Data Privacy

Argentinian telecommunications providers have made strides in their commitments to protecting users’ data privacy, but the gains are uneven—they are doing a better job at informing about data processing and users' data rights, but still a poor job at disclosing how they handle government demands for user data, according to a new report by digital rights group ADC.

In this third edition of Argentina's report, most of the improvements relate to the ISPs’ privacy policies. ADC has increased the evaluation parameters in this category to follow crucial data protection principles. Among others, the report checks whether ISPs commit to only collect data for specific, explicit, and lawful purposes and stick to those purposes when processing user data; ensure the data they process is true, adequate, relevant, and not excessive in regard to the purposes of collection; and adopt security measures to protect user data.  All  companies received credit for their privacy policies, while none of them got more than a half star.

Once again, Movistar leads the ranking, with three and a half out of five stars. The company has almost doubled its score compared to the 2019 report, and is far ahead of second-place IPLAN, which earned roughly two stars. IPLAN was the only company to engage with ADC researchers in the last edition. Back then, IPLAN, a smaller company in Argentina’s market, was taking its  first steps to properly adjust its data protection policies and practices. The improvements in IPLAN’s policy show the company’s disposition to receive criticism and recommendations, the ADC report highlights. Arlink, another small local ISP first featured in this new edition, came in last place, while Claro, a much larger provider, was almost as bad.

The new ¿Quién Defiende Tus Datos? (Who Defends Your Data?) edition evaluated Movistar (Telefónica), Claro (América Móvil/Carso), DirecTV, Personal (Telecom Group), Telecentro, IPLAN, and Arlink. While Personal and DirecTV failed to improve their scores over the last edition, all others featured in 2019 improved theirs, at least a little.

ADC assessed each company in five categories: how comprehensive their privacy policies are and whether they commit to notify users of any changes; if they publish transparency reports and what information they cover; whether they commit to notify users about government data requests; if they disclose guidelines authorities must follow to request user data (i.e., law enforcement guidelines) and whether ISPs commit to require a judicial order before handing over such data; and their policy commitments and practices towards human rights and defending users’ data privacy in courts and policy debates.

Here you can learn more about the main findings.

Privacy Policies and Information About Users’ Data Rights

This year, ADC assessed ISPs’ privacy policies against  key data protection principles, such as purpose, security, and accuracy, and the duty to provide information. As always, the report also checked how easy it is for users to find privacy policies and, this year, recognized companies’ efforts to concentrate all relevant data privacy information on  ISPs’ local websites. This is a bare minimum parameter,  yet we still see problems in other ¿Quién Defiende Tus Datos? reports in the region, such as Panamá and Nicaragua—and even in this Argentina edition, as you can read below.

A key parameter is whether providers inform users about how they can exercise their data rights, particularly their right to access their personal information in companies’ databases. All evaluated companies inform users about their data rights, but not without ups and downs. Arlink requires a notarized physical letter to give users access to their personal data, a bureaucratic and unnecessary hurdle. Companies’ concern and responsibility to check the identity of the requesting person must not result in costs to users. Claro provides a form, which is not directly available on the local company website and, according to ADC, requires an excessive amount of user data compared to what is stipulated in Argentina's data protection law. On the upside, IPLAN offers a detailed explanation on how users can exercise their rights and provides a standard form that users can send either by email&l