Why Argentina’s Pioneering Privacy Law Is Now Playing Defense Against AI – JURIST – Commentary

The authors argue that Argentina, once a Latin American leader in data protection, is now racing to modernize its 25-year-old privacy framework through transparency initiatives and legislative reforms that balance AI innovation with fundamental rights protections…

Argentina was the first country in Latin America to adopt data protection laws. In 2000, it enacted a comprehensive legislative framework that integrated protections for the right of privacy.[1] This early institutional commitment positioned the country as a pioneer in recognizing a variety of technological trends that affected these fundamental rights.

This early adoption, however, remained stagnant for some years and was not fine-tuned by subsequent legislative attempts to keep pace with the exponential advancements in the technological landscape. As a result, Argentina appeared to be wavering in its commitment to achieving the targets of that pioneering effort. In addition, the rapid expansion of Generative Artificial Intelligence (GAI) platforms, the algorithmic decision-making, and the large-scale data processing have also challenged the scope, assumptions, and enforcement of Argentina’s legislative regime.

In some ways, these challenges have forced Argentine authorities to more aggressively reconcile their established data protection framework with the complex demands of an AI-rich environment. In response, Argentina is now intensifying the modernization of its legislative framework by increasing its institutional capacity and seeking ways to achieve the appropriate balance between innovation and fundamental rights.

Argentina’s Current Personal Data Protection Framework

Argentina enacted its first privacy law in 2000, titled “Personal Data Protection Act (Ley de Protección de los Datos Personales)” (Law 25,326). This law was the first attempt in Latin America to deal with the principles of consent, limitations on the use of data, and to establish the framework of safeguards for the security and maintenance of the quality of such data. Law 25,326 also created the first independent Center for Data Protection in the region.[2] As a result, Argentina was recognized by the European Union (EU) as a country that provided “adequate” data protection, earning an EU adequacy recognition in 2003.[3]

Law 25,326 grants individuals the right of access, of correction, and deletion of personal data based on a habeas data[4] application, and requires database registration and cross-border transfer restrictions in line with the EU standards of the time. The National Data Protection Authority (“Agencia de Acceso a la Información Pública;” AAIP) is designated as the enforcement agency that also seeks to educate organizations on issues related to compliance.

While Law 25,326 was viewed at the time as very progressive, it predates many technological advances and the General Data Protection Regulation (GDPR) regime in the EU, highlights the need to consider many new areas in how to protect the right to privacy. As a result, the Argentinian Government is now implementing measures to revise this legal framework.[5] The AAIP initiated a wide-scale public comment period and, thereafter, drafted a new Personal Data Protection Bill, which was submitted to the Argentinian Congress in 2022-2023.[6] As of 2025, multiple bills are under consideration that will either amend or replace Law 25,326.[7]

In reviewing these proposals, it is clear that Argentina is seeking to harmonize the current framework with international standards,[8] incorporating innovative concepts such as anonymization, biometric data regulations, and explicit rules on automated decision-making and profiling. It is also important to note that the authority of the AAIP is based on the current legal framework to address AI-related data protection issues. However, Argentina is also a party to modern international treaties, such as the Convention 108+ (Council of Europe’s convention on data processing), which recognize rights around algorithmic decisions.[9]

In 2019, the AAIP issued Resolution 4/2019, which established that data subjects “have the right to request an explanation of the logic behind decisions made solely by automated processing” when such decisions significantly and adversely affect them.[10] This was a notable first step in extending transparency and due process in the context of algorithms, even when such rights were absent from an AI-specific law. In practice, however, enforcement of data protection in Argentina has historically been limited, with the AAIP becoming more of a guide than an agency for enforcing sanctions. Despite this limitation, there is a lot of public scrutiny that continuously grows because of privacy violations.

GAI Tools Challenge the Right to Privacy

The increasing use of GAI tools in both the public and the private sectors is raising new questions for privacy and data protection in Argentina. Modern GAI systems rely on processing large amounts of personal data, often repurposing information in ways that exceeded the consent originally given by individuals, thereby violating core principles such as consent and purpose limitation. This raises serious conflict questions over core data protection principles.

There is also a heightened risk of bias and discrimination: if a GAI system processes personal data, any embedded biases could lead to unfair or unlawful outcomes. Another major challenge is transparency, as GAI algorithms (especially complex machine learning models) often function as “black boxes,”[11] making it difficult for individuals to understand how decisions are made about their data or how they can exercise rights of access and, more importantly, correction.

Argentina’s current laws impose duties of data transparency[12] and quality that apply to GAI usage. For example, if an Argentine company deploys an GAI that seeks to collect customer profiles, such deployment must still: (a) adhere to the framework of Law 25,326, (b) obtain consent from the customers for such data collection, (c) ensure that the data is accurate and used for legitimate purposes, and (d) allow individuals to access or rectify their data.[13] Despite the pronouncement of such protective measures, enforcing these principles into practice is a more complex task.

Under U.S. law, the functions traditionally served by filing a habeas data petition are fulfilled through statutory rights of access, rectification, and deletion of personal data, rather than through a standalone constitutional petition. In Argentina, an individual could file a petition to request how the GAI platform stores personal information or to challenge such automated use or misuse of such data.[14] Again, the opacity of GAI systems makes such rights difficult to protect without further regulatory guidance.

These concerns are not merely theoretical—they have already led to constitutional challenges in Argentine courts. A recent case from the Court of Administrative, Tax and Consumer Relations of the City of Buenos Aires (the Court) illustrates the tensions between the use of GAI and the protection of privacy rights.[15] The municipality of Buenos Aires implemented a facial recognition system (Sistema de Reconocimiento Facial de Prófugos, SRFP) that was scanning live camera feeds to identify fugitives. Several organizations challenged the use of this system, citing significant risks in the invasion of privacy and potential abuse. In 2023, the Court agreed and declared that the use of this facial recognition program was unconstitutional, halting its use. The Court also held that the system lacked adequate safeguards and could lead to wrongful arrests due to misidentification of individuals, thus infringing upon constitutional rights of due process and privacy.

This case underscores how the Court used established legal rights to rein in the use of unregulated GAI deployments. It also highlights the need for the adoption of legislative measures and the immediate need to have proper oversight and data accuracy checks in the use of the facial recognition program. As a result, public and private sector use of GAI tools in Argentina will face increasing scrutiny, given the consensus that there must be compliance with data protection standards and the continuous protection of fundamental rights.

Initiatives in Argentina for GAI Transparency and Data Protection

Recognizing the growing impact of GAI, Argentine authorities have launched specific initiatives to address the concerns of data protection, but also measures that identify emerging ethical challenges.[16] In September of 2023, the AAIP launched the “Program for Transparency and Personal Data Protection in the Use of Artificial Intelligence” by Resolution 161/2023.[17]

Under this Program,[18] the AAIP promoted several initiatives:

• AI Observatory: Establishing a Management Unit that seeks to map and monitor AI developments. The AAIP will track relevant actors (in government, industry, and academia) and follow global and regional regulatory advances related to AI. This Management Unit would then assist the legislative branches of Argentina in keeping current with emerging best practices and risks associated with AI governance.
• Guidelines and Best Practices: The program calls for developing guidelines for public and private organizations on transparency and data protection in AI systems. By late 2024, the AAIP had already released a preliminary “Guide for Public and Private Entities on Transparency and Protection of Personal Data for Responsible AI,” offering non-binding best practices to ensure that AI projects are designed to adhere to standards that respect privacy and identify issues over the security of data. These guidelines cover all stages of the AI lifecycle, from data selection and model training to deployment, underscoring the need to comply with ethical principles and the right to privacy.
• Multidisciplinary Advisory Council: The program seeks to create an Advisory Council consisting of experts from various disciplines (law, technology, ethics, etc.) that will adopt an interdisciplinary dialogue. This Council will also collaborate with the AAIP and other government agencies to develop a consensus on the country’s AI policy and to further help develop regulatory proposals. The inclusion of experts from diverse industries is intended to ensure that AI governance will adhere to the principle of balancing innovation with the protection of fundamental rights.
• Capacity Building: Another important variable is the focus on strengthening institutional capacities for the oversight of AI use. This involves training government agencies and educating the private sector on issues related to transparency obligations and data protection in incorporating AI tools. Argentina is seeking to assess the functionality of AI systems by conducting audits of algorithms used or evaluating various impact assessments, which will thereafter increase the awareness around the technical intricacies of the use of AI platforms by state agencies.
• Transparency Measures: This program reinforces Argentina’s broader agenda of an Open Government by requiring public agencies to document their automated decision-making systems and publish transparency criteria on the National Transparency Portal. In practice, agencies must disclose how those systems operate when they use AI tools, so citizens can evaluate the effect of using algorithms in processing their data, mirroring international transparency trends such as those adopted by the draft AI Act of the EU.

Most notably, Argentina’s government has complemented the efforts by the AAIP by using policies that promote broader GAI coordination. By mid-September 2023, just a week after the AAIP’s resolution, the Chief of the Cabinet of Ministers issued Administrative Decision 750/2023,[19] which organized an Interministerial Roundtable on the Use of Artificial Intelligence.[20] This effort complemented the programs promoted by AAIP in what clearly appears to be a concerted government strategy: Argentina is addressing the opportunities and risks posed by the use of GAI tools through a series of interim, non-binding instruments while simultaneously advancing efforts to adopt more comprehensive and enforceable regulation, including the long-anticipated reform of its data protection framework.

Outlook: Balancing Innovation and Personal Rights

Argentina is navigating the rise of artificial intelligence by emphasizing the need to safeguard personal data. Although the current legislative landscape seems to consist of soft-law regulatory measures, when taken all together, they represent a well-designed effort to guide the development of GAI tools without infringing upon fundamental rights. The ongoing debates around the reform of the Personal Data Protection Act, together with an active judiciary in cases involving AI-driven surveillance, are signs of a robust, evolving framework that seeks to balance the need to innovate while guaranteeing that constitutional rights will be preserved.

We anticipate that Argentina will adopt a new data protection law in the near future or enact an AI-specific regulation. Currently, Argentina’s privacy framework, along with the recent oversight initiatives and the adoption of transparency measures, functions as the main safeguard of protecting privacy rights without hampering the innovational targets of GAI. As Beatriz Anchorena stated, it is essential to guarantee that society can understand how AI-based decisions are made and to reinforce safeguards so that technological development remains firmly grounded in democratic principles.[21]

Notes

[1] Argentina. (2000). Law 25,326 on the Protection of Personal Data. Official Gazette of the Argentine Republic. Personal Data Protection Act.

[2] Argentina. (2017). Decree 746/2017. Transfer of competencies in personal data protection to the Access to Public Information Agency. Official Gazette of the Argentine Republic.

[3] European Commission. (2003). Commission Decision 2003/490/EC of 30 June 2003 on the adequate protection of personal data in Argentina pursuant to Directive 95/46/EC. Official Journal of the European Union.

[4] According to the Real Academia Española, habeas data is a constitutional right that may be exercised by any person included in a data registry to access such registry and obtain information concerning their data, including the right to delete or correct such information when it is false or outdated.

[5] Yahoo News, (2025, November 28). Gobierno de Argentina insiste en que impulsará reformas; Infobae, (2025, November 3), Volver a crecer: Un informe privado detalló las reformas clave que necesita Argentina para dejar atrás el estancamiento; La Nación, (2025, November 19), Las siete reformas que necesita la Argentina para aprovechar la oportunidad.; Errepar, (2025, February 17). El gobierno ordena una revisión integral de toda la normativa de la administración pública nacional.

[6] Agencia de Acceso a la Información Pública. (2022). Draft Personal Data Protection Bill: Explanatory memorandum and proposed text. Buenos Aires, Argentina. Document submitted for public consultation; the draft was not subsequently sent to Congress and, as of today, has no parliamentary status.

[7] Argentine Chamber of Deputies. (2025). Bill 4872-D-2025: Personal data protection. Amendments regarding the regulation of responsible de-indexing. Buenos Aires, Argentina; Argentine Chamber of Deputies. (2025). Bill 2968-D-2025: Personal data protection. Amendments incorporating protective mechanisms for data subjects. Buenos Aires, Argentina; Argentine Chamber of Deputies. (2025). Bill 3540-D-2025: Personal data protection. Amendments to Law 25,326 incorporating guarantees related to algorithmic transparency. Buenos Aires, Argentina; Argentine Senate. (2025). Bill S-0968/2025: Amendment to Law 25,326 regarding the consent regime for the processing of personal data of children and adolescents. Buenos Aires, Argentina; Argentine Senate. (2025). Bill S-0644/2025: Personal data protection. Buenos Aires, Argentina; Argentine Chamber of Deputies. (2025). Bill 1948-D-2025: Personal data protection. Regulatory framework. Buenos Aires, Argentina; Argentine Chamber of Deputies. (2025). Bill 0904-D-2025: Protection of personal data and privacy of children and adolescents in the use and access to digital platforms. Regulatory framework. Buenos Aires, Argentina.

[8] European Union. (2016). General Data Protection Regulation (GDPR): Regulation (EU) 2016/679. Official Journal of the European Union. Council of Europe. (2018). Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108+). Strasbourg, France. Organization for Economic Co-operation and Development. (2013). OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris, France.

[9] Council of Europe. (2018). Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 223). Strasbourg: Council of Europe.

[10] Argentina. (2019). Resolution 4/2019 of the Access to Public Information Agency. Official Gazette of the Argentine Republic.

[11] Burrell, J. (2016). How the machine ‘thinks’: Understanding opacity in machine learning algorithms. Big Data & Society; Pasquale, F. (2015). The black box society: The secret algorithms that control money and information. Harvard University Press; Selbst, A. D., & Powles, J. (2017). Meaningful information and the right to explanation. International Data Privacy Law; Diakopoulos, N. (2016). Accountability in algorithmic decision making. Communications of the ACM.

[12] Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford University Press; Diakopoulos, N. (2016). Accountability in algorithmic decision making. Communications of the ACM; Richards, N. M., & King, J. H. (2014). Big data ethics. Wake Forest Law Review.

[13] Law 25,326. Article 5.1 provides that “the processing of personal data is unlawful when the data subject has not given free, express, and informed consent, which must be provided in writing or by any other means that, given the circumstances, may be considered equivalent.”  In turn, Article 14.1 establishes that “the data subject, upon proof of identity, has the right to request and obtain information about their personal data contained in public databases or in private databases intended to provide reports.” Additionally, Article 16.1. specifies that “every person has the right to have their personal data, of which they are the data subject, rectified, updated, and, when appropriate, deleted or subjected to confidentiality, when such data are included in a database.

[14] National Chamber of Federal Administrative Litigation, Chamber V. (2025, February 13). Palazzi, Pablo v. National Government – National Registry of Persons, habeas data (File No. 18307/2021), Argentina; Supreme Court of Justice of the Nation. (2010, August 3). Asociación por los Derechos Civiles (ADC) v. National Government – Law 26,122, action for protection under Law 19,986. Argentina; Supreme Court of Justice of the Nation. (2009, February 24). Halabi, Ernesto v. National Government. Argentina.

[15] Court of Appeals in Administrative, Tax and Consumer Relations of the City of Buenos Aires, Chamber I. (2023). Observatorio de Derecho Informático Argentino (O.D.I.A.) et al. v. Government of the City of Buenos Aires, action for protection (File No. 182908/2020-0), Argentina.

[16] “[I]ncorporate transparency and personal data protection in a transversal way in the development of artificial intelligence, in order to provide greater security, legitimacy, and public trust in these technologies.” AAIP Director, Beatriz Anchorena, on the creation of the Program for Transparency and Personal Data Protection in the Use of Artificial Intelligence, (2023, September 4).

[17] Argentina. (2023). Resolution 161/2023 of the AAIP. Official Gazette of the Argentine Republic. This national program is a groundbreaking step to study and guide AI development with privacy in mind. Its general objective is to promote analysis, regulation, and the strengthening of state capacities necessary to support the development and use of AI in both the public and private sectors, while guaranteeing the effective exercise of citizens’ rights to transparency and personal data protection.

[18] This program is based on international principles that Argentina complies with. The resolution establishing the program cites the OECD AI Principles (2019) and UNESCO’s Recommendation on the Ethics of AI (2021) as foundational benchmarks.  It also builds on local guidance: earlier in 2023, Argentina’s Undersecretariat of Information Technologies (under the Chief of Cabinet’s office) had issued “Recommendations for a Reliable AI” (Disposición 2/2023) to encourage ethical AI use in the public sector.

[19] Administrative Decision No. 750/2023. (2023, July 28). Official Gazette of the Argentine Republic. Issued by the Jefatura de Gabinete de Ministros.

[20] This high-level roundtable, led by the Chief of Cabinet’s office, brings together various ministries (such as Science and Technology, Security, Economy, etc.) to discuss AI development and its social impact.

[21] Agency for Access to Public Information. (2023, September 4). Program for Transparency and Personal Data Protection in the use of Artificial Intelligence. Argentina.gob.ar.

Valentina Camuglia is an associate at the Public Law Department of Beccar Varela, a law firm based in Buenos Aires. She has experience in international arbitration, intellectual property, and artificial intelligence. She is a board member of the Boston International Innovation Moot. Dimitrios Ioannidis, Esq. is a partner in a Boston based law firm and a Lecturer at Boston University School of Law. He writes extensively on issues related to AI and the law, and is the founder of the Boston International Innovation Moot, the first global moot competition focused on regulating emerging technologies.