Argentine PDPA

Ley de Protección de los Datos Personales (Law 25.326)

Flag of AR
ArgentinaOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
November 4, 2000
Enacted
November 4, 2000
Enforcing Authority
Agencia de Acceso a la Información Pública (AAIP)
Consent Model
Opt-in
Applies To
Any entity processing personal data in Argentina or maintaining databases accessible from Argentina

Overview

Argentina's PDPA is one of the earliest comprehensive data protection laws in Latin America, earning EU adequacy status in 2003 — one of few non-European countries to achieve this. The law is increasingly outdated, and multiple reform bills submitted in 2025 would introduce GDPR-aligned penalties.

What This Means for Your Website

  • Prior, free, express, and informed consent is required for processing personal data of Argentine visitors
  • Databases must be registered with the AAIP
  • EU adequacy enables smooth data transfers between Argentina and the EU
  • Current penalties are low but reform would bring GDPR-level fines (4% of turnover)
  • Sensitive data processing is prohibited except with specific legal grounds

Key Requirements

The AAIP enforces the PDPA with a three-tier sanction system. Current penalties of ARS 1,000-100,000 are low by international standards. The pending reform would increase these to up to 4% of annual turnover or ARS 10 billion. Consumer requests must be fulfilled per the law's requirements. Cross-border transfers follow an adequacy-based model.

How ConsentStack Handles This

ConsentStack applies opt-in consent for Argentine visitors with express consent for all personal data collection, positioning websites for compliance with both current law and the pending GDPR-aligned reform.

Penalties

ARS 1,000-100,000 under current law. Reform pending with fines up to 4% of annual turnover or ARS 10 billion.

Maximum Fine
ARS100,000 per violation

Key Requirements

  • Prior, free, express, and informed consent for data collection
  • Register databases with the AAIP
  • Purpose limitation and data quality obligations
  • Security measures for stored data
  • Data subject rights: access, rectification, deletion, suppression
  • Cross-border transfer restrictions

Notable Provisions

  • EU adequacy status since June 2003
  • Three reform bills in 2025 addressing AI and modernization
  • Current penalties are low — reform would bring GDPR-level enforcement
  • One of earliest DP laws in Latin America

Other Latin America & Caribbean Regulations

LGPDBrazil
Brazil's LGPD is modeled after the GDPR with extraterritorial scope. Requires explicit consent with separate authorization per processing purpose. Non-essential cookies require prior consent per ANPD guidance. Penalties include publicization of the infraction, creating reputational risk beyond fines.
LFPDPPPMexico
Completely new data protection law enacted March 2025, replacing the 2010 version. The INAI was dissolved and replaced by Transparencia para el Pueblo. Introduces criminal penalties, specialized federal data protection courts, and doubled fines for sensitive data violations. Express consent required for sensitive data; implied consent available for non-sensitive.
Colombia Law 1581Colombia
Colombia's comprehensive data protection law with active SIC enforcement. Requires prior, express, and informed consent for all processing including cookies. The SIC has broad investigative powers including on-site inspections. Authorization logs are required for cookies, and a pop-up must inform users about privacy and cookie management.
Peru Law 29733Peru
Peru's data protection law was significantly strengthened in 2025 with updated regulations introducing phased DPO requirements, extraterritorial scope, and the tightest breach notification timeline in the region. Foreign companies serving Peruvian individuals must appoint local representatives. Maximum penalty is 10% of annual net income.
Chile Law 21.719Chile
A complete overhaul of Chile's data protection framework replacing the 1999 law. Creates a new dedicated Data Protection Agency, introduces tiered penalties, and explicitly prohibits pre-ticked consent boxes. The agency must issue cookie guidelines. Takes effect December 2026 after a 24-month implementation period.
Jamaica DPAJamaica
The most comprehensive data protection law in the Caribbean, with GDPR-level penalties (4% of worldwide turnover). Individual violators face both fines and up to 10 years imprisonment. The OIC operates independently with broad enforcement powers including assessment notices, information notices, and criminal prosecution.

Frequently Asked Questions

Does Argentina have EU adequacy?

Yes. Argentina has held EU adequacy status since June 30, 2003 — one of few non-European countries with this designation.

Is Argentina's data protection law being reformed?

Yes. Three reform bills were submitted in 2025 addressing AI, modernization, and GDPR alignment. The reforms would introduce penalties up to 4% of turnover.

What are the current Argentine penalties?

ARS 1,000-100,000 under the current law — relatively low. Reform would increase to up to 4% of annual turnover or ARS 10 billion.

Stay compliant with Argentine PDPA

ConsentStack helps you implement Opt-in consent for Argentina automatically.

Get started