Argentina: Amended Personal Data Protection Bill including cross-border data transfer regulation

On 24 February 2023, the Argentinian data protection agency (AAIP) amended its proposal for a Personal Data Protection Bill amending the current Personal Data Protection Act No. 25,326, which it presented to the Argentinian Congress. The Bill includes a series of proposals derived from the previous public consultation. The Bill establishes a hierarchy of three mechanisms to carry out cross-border personal data. Firstly, cross-border data transfers will be limited to countries providing an adequate level of protection or sufficient guarantees concerning the treatment of that data. If the state where the data is to be transferred to does not provide the same level of protection, transfers will be authorised based on appropriate safeguards, which will take into account human rights and fundamental freedoms, the existence and independence of data protection authorities, and what guarantees are present. Without an adequacy decision or appropriate safeguards, transfers will be permitted on other relevant bases, including legally binding and enforceable instruments between the national authorities and international agreements that recognise model contractual clauses, binding corporate rules or data protection certification mechanisms. Finally, the Bill outlines exceptions that would allow transfer based on consent, necessity, or public interest.