Law: Personal Data Protection Act, Act No. 25.326 of 2000 ('the Act') and Decree No. 25.326 (only available in Spanish here)
Regulator: Argentinian data protection authority ('AAIP')
Summary: The Act sets forth the main principles and rules for the protection of personal data and has been followed by multiple decrees that detail rules for the implementation of the Act. Three years after the passing of the Act, Argentina was recognised by the European Commission as providing an adequate level of protection for personal data. The AAIP regularly issues resolutions which interpret the Act and guide compliance. These resolutions have, among other things, defined 'security measures' and provided guidance on Binding Corporate Rules ('BCRs') for international data transfers.
More recently, the AAIP published, on 10 November 2022, a draft bill to update the Act (only available in Spanish here), following a public consultation on the Act during September 2022. Furthermore, the AAIP issued Resolution 4/2019 (only available in Spanish here), which specifies mandatory guidelines for the application of the Act, and addresses topics including video surveillance, automated data processing, consent, and biometric data. In addition, the AAIP issued, on 1 December 2022, Resolution 240/2022 amending Provision No. 9 of 19 February 2015 on the National Directorate for the Protection of Personal Data and No. 13 of 10 March 2015 (only available in Spanish here), which establishes the classification of offences under the Act respectively as minor, serious, and very serious, alongside the graduation of sanctions.