Argentina: Personal Data Protection Bill (S-0644/2025) including data protection regulation governance was introduced to Senate

On 5 May 2025, the Personal Data Protection Bill (S-0644/2025) was introduced to the Senate. The Bill would establish a legal framework for the processing of personal data and define the rights of data subjects, including access, rectification, erasure, objection, and data portability. It would also set out lawful bases for processing, namely consent, contractual necessity, legal obligation, legitimate interest, vital interest, and public interest. Additionally, the Bill would codify data processing principles such as lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality. Controllers and processors would be required to maintain records of processing activities and implement technical and organisational measures proportionate to risk. Furthermore, the Bill would include provisions on the processing of sensitive data and automated decision-making, including profiling. It would also require the application of data protection by design and by default, and the conduct of data protection impact assessments for processing likely to result in high risk. Moreover, it would require the designation of data protection officers in specified circumstances. In the case of data breaches, the Bill would impose notification duties towards the supervisory authority and, in certain cases, affected data subjects. Consequently, the proposal was referred to the relevant Senate committee for deliberation.