Cookie Consent by Free Privacy Policy website
Data Protection Argentina

Guide on Personal Data Protection in Argentina

In Argentina, the constitution recognises in its article 43 individuals’ right to the protection of their personal data. Additionally, it was the first country in the region to enact a personal data protection law. Thus, it issued the Personal Data Protection Act (DPA) No. 25,326 in 2000.

In 2022, the Agency of Access to Public Information (AAPI) promoted a new bill to amend the DPA. However, we have prepared a short guide regarding the FAQs regarding Argentina’s current system on Data Protection. Read more below.

FAQs regarding the protection of personal data in Argentina

What law regulates the protection of personal data in Argentina?

Argentina’s constitution, its Personal Data Protection Act (DPA), Regulatory Decrete 1558/2001 and Dispositions issued by the Argentine National Data Protection Agency (NDPA) set forth the system for the protection of personal data in Argentina.

Which is the official body in charge of regulating Data Protection Application?

The Data Protection Act creates the NDPA as the supervisory governmental authority of the law. However, in 2017, the National Decree 899/2018 designated the Agency of Access to Public Information as the authority in charge of DPA’s enforcement.

What rights do individuals have to protect their personal data?

Data subjects have the right to access the information and request for rectification, update or deletion of it.

What are the principles regarding Data Protection in Argentina?

Argentina’s Personal Data Protection system recognises the following principles:
• Purpose proportionality.
• Legality.
• Data quality and accuracy.
• Purpose.
• Confidentiality.
• Temporary limitation.

However, Convention 108+ -which has been recently approved by the congress- and the new bill adopt some additional principles (i.e. accountability).

Do controllers require consent to treat personal data in Argentina?

Yes, Controllers require Data Subject’s consent in order to collect and process Personal Data. Notwithstanding, the law foresees certain exceptions to this general rule in its article 5.

What responsibilities do processors have?

Article 25 of the Data Protection Act and the Regulatory Decree establish the responsibilites and obligations of data processors. Among other obligations, they must follow the controller’s instruction, comply with the Data Protection Law, protect the confidentiality and destroy the data once the obligations have been fulfilled.

Conclusion

To sum up, Argentina has been working on Data Protection for the last 20 years and is looking now to amend the Personal Data Protection Act. The new law will be in line with the obligations and principles established in the GDPR.

If you need advise regarding data protection in Argentina, contact us.