Support Centre



Law: Personal Data Protection Act, Act No. 25.326 of 2000 (only available in Spanish here) ('the Act') and Decree No. 1558/2001 Regulating Law No. 25.326 (only available in Spanish here) ('the Decree'), amended by Decree No. 1160/10 (only available in Spanish here)

Regulator: Argentinian data protection authority ('AAIP')

Summary: The Act sets forth the main principles and rules for the protection of personal data and has been followed by multiple decrees that detail rules for the implementation of the Act. Three years after the passing of the Act, Argentina was recognised by the European Commission as providing an adequate level of protection for personal data. The AAIP regularly issues resolutions which interpret the Act and guide compliance. These resolutions have, among other things, defined 'security measures' and provided guidance on Binding Corporate Rules ('BCRs') for international data transfers.

More recently, the AAIP published, on 10 November 2022, a draft bill to update the Act (only available in Spanish here), following a public consultation on the Act during September 2022. Furthermore, the AAIP issued Resolution 4/2019 (only available in Spanish here), which specifies mandatory guidelines for the application of the Act, and addresses topics including video surveillance, automated data processing, consent, and biometric data. In addition, the AAIP issued, on 1 December 2022, Resolution 240/2022 amending Provision No. 9 of 19 February 2015 on the National Directorate for the Protection of Personal Data and No. 13 of 10 March 2015 (only available in Spanish here), which establishes the classification of offences under the Act respectively as minor, serious, and very serious, alongside the graduation of sanctions.


In this Insight article, Gustavo Bethular and Sofía Grassi, from Richards, Cardinal, Tützer, Zabala & Zaefferer (RCTZZ),[1] provide an overview of the cryptocurrency up-to-date situation in Argentina. Argentina is one of the leading countries in Latin America in terms of cryptocurrency adoption, but its regulatory framework is still in its early stages of development. This lack of regulatory uniformity has created a fragmented landscape, with different government agencies and regulatory bodies issuing their own guidelines and interpretations.

In the following Insight article, Gustavo Bethular and Sofia Grassi, from RCTZZ, examine the cybersecurity situation in Argentina, focusing on the rise in cybercrime. They highlight the impact of COVID-19, measures taken by companies and the public sector, prevalent cyberattacks trends, existing regulations, challenges in reporting and investigating cybercrimes, and the need for enhanced cybersecurity measures.

Whilst the Personal Data Protection Act, Act No. 25.326 (the Act) continues to be the main data protection legislation in Argentina, the Argentinian Government begun proposals for a new draft bill (the New Bill) on the protection of personal data in September 2022. In this Insight article, Florencia Rosati and Martín Beccar Varela, from Estudio Beccar Varela, provide an overview of the key provisions and considerations for organizations to ensure compliance if the bill is approved.

As almost everyone around the world uses the internet, online behavioural advertising ('OBA') has a substantial importance in any marketing effort, and targeted behavioural marketing has become central to the internet business model. Mariano Peruzzotti, Partner at Ojam Bullrich Flanzbaum, provides an analysis of the current regulatory landscape in Argentina, specifically in regards to OBA and the protection of minors' personal data.

Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data. In this three-part series, OneTrust DataGuidance provides an overview of key trends in data localisation and data residency, outlining underlining approaches to the same, as well as common trends associated with sector and categories of data.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Personal Data Protection Act, Act No. 25.326 of 2000 (the Act).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Act with the  GDPR.

You can access the latest version of the report here.