Following Administrative Decision No. 641/2021 on “Minimum information security requirements for the national public sector,” the AAIP approved its information security policy. The purposes of the policy are to protect the information resources of the AAIP and the technological tools used for their processing; ensure the confidentiality, integrity, availability, legality and reliability of information, and strengthen the adequate implementation of security measures, identifying available resources.

By means of Resolution No. 198/2023, published in the official gazette on 18 October 2023, the Agency of Access to Public Information (AAIP) approved the model contractual clauses included in the Implementation Guide of Model Contractual Clauses for International Personal Data Transfers of the Ibero-American Data Protection Network (MCC and IADPN, respectively).

By means of Resolution No. 44/2023, the Chief of Cabinet of Ministers: (i) approved the Second National Cybersecurity Strategy; (ii) created the Cybersecurity Management and Cooperation Unit; and (iii) established the functions of the Executive Unit of the National Cybersecurity Committee.

Through Resolution No. 161/2023, published in the official gazette on 4 September 2023, the Agency for Access to Public Information (AAIP) created the Program for Transparency and Protection of Personal Data in the Use of Artificial Intelligence and entrusted its execution, monitoring and evaluation to the National Directorates of Evaluation of Transparency Policies and Protection of Personal Data.

By means of Resolution No. 1200/2023 published in the official gazette on 22 August 2023, the National Communications Entity (Ente Nacional de Comunicaciones, or ENACOM for its acronym in Spanish) extended the term for mobile service providers to comply with the Regulation for the Collection of Personal Data and Identity Validation of Users of Mobile Services that Hold a Mobile Number, which was approved by Resolution No. 263/2023.

The Data Protection Bill of Law submitted to Congress proposes significant amendments to the current regime and introduces mandatory provisions that are novel to Argentine legislation. For example, it includes express references to the extraterritorial scope of application and changes the traditional approach to the legal basis for the processing of personal data. In this alert, we address some of these changes and novelties.

By means of Resolution Nos. 93 and 94, the Agency for Access to Public Information (AAIP for its acronym in Spanish) approved: (i) the Program on Transparency, Document Management and Archives; and (ii) the Strategic Plan for the period 2022-2026, respectively.

The National Executive Branch submitted Message 87/2023 to the Honorable Chamber of Deputies of the Nation with the Personal Data Protection Bill of Law (“Bill”).
The Bill is the outcome of a participatory, open and transparent process led by the Agency for Access to Public Information, which included the publication of the Personal Data Protection Draft Bill and its subsequent opening for public consultation. After receiving a total of 173 opinions, contributions and comments, the AAIP presented the Bill to the NEB and now the latter has submitted the Bill to Congress.

On 2 June 2023, Disposition 2/2023 of the Undersecretariat of Information Technologies of the Cabinet Chief was published in the official gazette, approving the “Recommendations for a Reliable Artificial Intelligence”.

On 17 April 2023, Argentina became the 23rd country to ratify Convention 108+, which aims to protect the privacy of individuals against possible abuses in the processing of their personal data. Argentina ratified Convention 108+ during the Privacy 2023 Symposium held in Venice between 17 and 21 April.