Argentina’s Personal Data Protection Act (Law 25.326), often referred to as the PDPA, defines personal and sensitive data, mandates free and informed consent for data processing, and establishes obligations for public and private entities processing data in Argentina—or targeting individuals there. The CookieHub consent management platform was built specifically to help manage these challenges.
Businesses must register any personal data databases with Argentina’s Data Protection Authority (AAIP); ensure data collection is limited, accurate, and secure; obtain express, informed consent; respect data subject rights (access, correction, deletion); regulate transfers abroad only to “adequate” countries or with valid safeguards; and implement confidentiality/security measures.
To comply, businesses need to:
Categorize:
Classify cookies into essential vs. nonessential
Enable clear opt-in and opt-out options:
Block nonessential ones until the user opts in
Cookie management:
Provide clear cookie banners explaining each cookie’s purpose
Implement consent measures:
Let users withdraw consent anytime
This mirrors GDPR-style practices and aligns with AAIP standards.
The law applies to:
Anyone (individual or legal entity) controlling or processing personal data in Argentina—even if data is processed abroad
Exceptions are limited: purely personal/family use, public authority duties, minimal data lists (e.g., name, NID), financial or contractual data.
Argentina consumers are granted the following rights:
Consumers can access, confirm processing and its purposes and get copies of personal data
Consumers can request to correct or update inaccurate information
Consumers can request that their personal data be deleted
Consumers can object to certain types of processing, such as direct marketing or automated decisions
Consumers can file court actions to access, update, correct, suppress or restrict the confidentiality of their personal data
Consumers can make claims through individual or collective judicial or administrative actions; enforcement authority may impose fines or corrective measures
While the PDPA doesn’t specifically refer to cookies, AAIP and industry guidance treat cookies that process personal data as subject to the same rules. Consent must be prior, explicit optin, freely given, informed, and specific—with no preticked boxes for nonessential cookies (e.g., analytics, advertising).
Penalties can come in several forms based on what is allowable within the AAIP’s authority, including:
Warnings
Database suspensions
Fines up to 15 million ARS
Criminal sanctions including prison (up to 3 years) for hacking, sharing false data, or unauthorized access
To check your compliance with the PDPA Argentina, businesses should:
Audit:
Conduct a data audit to identify all cookies and trackers on their websites.
Categorize:
Categorize cookies (e.g., necessary, preference, analytics, marketing).
Implement consent management:
Ensure consent banners are implemented correctly with granular choices, enable users to withdraw consent at any time, and maintain consent logs.
Check on partners:
Review third-party data-sharing practices.
A consent management platform like CookieHub can facilitate compliant cookie consent by managing granular preferences, logging user choices, auto-blocking non-essential scripts until consent, and generating audit-ready compliance records.
Argentina’s PDPA applies to any individual or organization that processes personal data within Argentina, as well as those outside the country who handle data of individuals located in Argentina. It covers all types of data processing, including collection, storage, use, and transfer of personal information.
Personal data refers to any information relating to an identified or identifiable natural person. This includes details such as name, identification number, location data, online identifiers, or any other data that can directly or indirectly identify a person.
Sensitive data includes information related to a person’s racial or ethnic origin, political opinions, religious beliefs, health or sexual life, genetic or biometric data, and any data that could lead to discrimination or harm if disclosed.
The National Directorate for Personal Data Protection (Dirección Nacional de Protección de Datos Personales) under the Ministry of Justice and Human Rights is the regulatory authority responsible for overseeing compliance with Argentina’s PDPA.
Certain public agencies and processing activities related to national security, criminal investigations, or judicial proceedings may be exempt from the PDPA’s rules. However, these exemptions are limited and subject to specific legal requirements.
For detailed information, official guidelines, and updates, you can visit the website of Argentina’s National Directorate for Personal Data Protection or consult legal resources specializing in Argentine data protection laws.
©2018-2025 CookieHub ehf.
CookieHub CMP offers tools and services for managing cookies and online privacy.
