Argentina: Implemented Law 25.326 on Personal Data Protection including cross-border data transfer regulation

On 3 December 2002, Law 25.326 on Personal Data Protection, including cross-border data transfer regulation, was implemented following the adoption and entry into force of the Regulatory Decree 1558 / 2001. The Law applies to data controllers, defined as any individual or legal entity that collects and processes personal data within the jurisdiction. The Law prohibits the transfer of personal data to jurisdictions that do not provide an adequate level of protection. The prohibition does not apply in cases of international judicial cooperation, exchange of medical information, stock exchange or banking transfers, transfers within the framework of international treaties or between intelligence agencies in the fight against organised crime, terrorism and drug trafficking. The National Directorate for Personal Data Protection will be required to assess the level of protection provided by the regulations of a State or international organisation to determine jurisdictions that provide an adequate level of protection.