Argentina Data Privacy

Overview

Argentina’s Personal Data Protection Law No. 25,326, including Executive Order No. 1558/2001 and supplementary regulations (“PDPL”) is an Argentine federal law that applies to the protection of personal data in Argentina and when personal data is transferred internationally for processing. In July 2018, the Argentine Data Protection Authority (Agencia de Acceso a la Información Pública, “ADPA”) issued Resolution 47/2018 (“Resolution 47”) under the PDPL, which repealed Disposition No. 11/2006 related to security measures that data controllers (i.e., AWS customers) needed to consider when processing personal data. Resolution 47 describes new, recommended security measures that are aligned with international best practices and standards, and aimed to protect the confidentiality and integrity of personal data during its processing – from data collection to data deletion. In particular, this new resolution updated the list of measures and controls recommended to manage, plan, control, and improve the security when processing personal data. These recommended security measures are divided by categories of processing related activities, including data collection, access controls, change controls, backup and recovery, vulnerability management, data removal or deletion, security incidents, and development environments. Furthermore, Resolution 47 includes a list of security measures applicable to “sensitive data” (as defined in the PDPL).

AWS is vigilant about your privacy and data security. Security at AWS starts with our core infrastructure. Custom-built for the cloud and designed to meet the most stringent security requirements in the world, our infrastructure is monitored 24x7 to ensure the confidentiality, integrity, and availability of our customers’ data. The same world-class security experts who monitor this infrastructure also build and maintain our broad selection of innovative security services, which can help you simplify meeting your own security and regulatory requirements. As an AWS customer, regardless of your size or location, you inherit all the benefits of our experience, tested against the strictest of third-party assurance frameworks.

AWS implements and maintains technical and organizational security measures applicable to AWS cloud infrastructure services under globally recognized security assurance frameworks and certifications, including ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, and SOC 1, 2, and 3. These technical and organizational security measures are validated by independent third-party assessors, and are designed to prevent unauthorized access to or disclosure of customer content.

For example, ISO 27018 is the first International code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to Personally Identifiable Information (PII) processed by public cloud service providers. This demonstrates to customers that AWS has a system of controls in place that specifically address the privacy protection of their content.

These comprehensive AWS technical and organizational measures are consistent with the goals of the PDPL, and Resolution 47 under the PDPL, to protect personal data. Customers using AWS services maintain control over their content and are responsible for implementing additional security measures based on their specific needs, including content classification, encryption, access management and security credentials.

As AWS does not have meaningful visibility as to what type of content the customers choose to store in AWS, including whether or not that data is deemed subject to the PDPL, customers are ultimately responsible for their own compliance with the PDPL and related regulations. The content on this page supplements the existing Data Privacy resources to help you align your requirements with the AWS Shared Responsibility Model when you process personal data in international data centers.

Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »