Argentine Data Protection Authority Presents Strategic Plan 2022-2026

The Strategic Plan reflects the commitments made by the AAIP during the public hearing to appoint its Director: (i) to strengthen the AAIP institutionally; (ii) to update the Personal Data Protection Law; (iii) to promote and enhance transparency and open data; and (iv) to consolidate the Federal Council for Transparency.

These initial commitments were incorporated into the Strategic Plan, structured around four strategic objectives, 11 public policy outcomes, more than 80 actions and 30 performance indicators.

In general terms, the Strategic Plan provides an overview of the AAIP’s current situation, taking into account its starting point, the measures already implemented and the challenges that remain. It also presents the strategic objectives, actions and goals, expected results and performance indicators. Finally, it details the methodology that will be used to institutionalize the plan within the AAIP and to ensure regular updates and monitoring.

According to the Strategic Plan, the objectives that will guide the work of the AAIP are:

• Promote and strengthen the exercise of citizens' rights in the area of personal data protection and access to public information;
• To expand regulatory and management capacities at the national and federal level;
• Promote transparency in public management and citizen participation; and
• Strengthen the institutional capacities of the AAIP.

Among the proposed actions, with specific reference to the protection of personal data, the following stand out:

• Construction of a typification of subjects bound by the Personal Data Protection law.
• Resolution for the updating of the standard contractual clauses for international data transfers.
• Resolution on mandatory security measures and reporting of security incidents.
• Guidance on the basic principles on the appropriate use of personal data in video surveillance and facial recognition systems.
• Guide with recommendations on the conditions under which the processing of personal data of children and adolescents should be carried out.
• Review and update of the list of countries with adequate Personal Data Protection legislation established by DNPDP Resolution 60/2016 and AAIP Resolution 34/2019.
• Design and implementation of the Artificial Intelligence and Data Governance Programme.
• Regulation on the protection of personal data in the use of technologies involving artificial intelligence.

Several of these actions are in line with the Personal Data Bill drafted by the AAIP in 2022 through a public consultation process and updated in February 2023 (more information on the draft here), and others respond to the update of some existing resolutions and guidelines that have become outdated with the passage of time and the development of technologies.