AI Regulation Tracker / Regulator rule
Argentina's AAIP treats facial-recognition and biometric data as sensitive, raising the operator standard
Argentina's data protection authority classifies biometric data used in facial recognition and video surveillance as sensitive, which forces public and private operators to meet a heightened legal standard. The agency kept the topic active into 2026 through its regional data-protection work.
Argentina's data protection authority treats biometric data as sensitive, and that classification carries direct consequences for anyone running facial recognition or biometric video surveillance in the country. The Agencia de Acceso a la Informacion Publica, known as the AAIP, oversees personal data protection under Argentina's framework and applies the sensitive-data standard to biometric traits used to identify a person. For operators, sensitive classification is not a label. It is a higher legal bar.
Why sensitive classification matters
Under Argentina's personal data protection regime, sensitive data receives stronger protection than ordinary personal data. When biometric information, such as a facial-recognition template or an identifiable image captured on camera, falls into the sensitive category, the operator generally needs a firmer legal basis to process it, must confine the processing to a defined and legitimate purpose, and must apply safeguards proportionate to the added risk. The practical effect is that a business cannot treat a facial-recognition deployment as routine surveillance. It has to justify the collection before it happens and keep the use narrow.
There is a second reason the classification carries weight. Sensitive data draws closer regulatory attention, and the AAIP is the body that can investigate complaints and act on them. A facial-recognition system deployed without a documented basis is not just a policy gap. It is the kind of processing the authority is positioned to question. For a compliance officer, the takeaway is that biometric deployments should be defensible on paper before they go live, because the burden of justifying sensitive processing sits with the operator.
The video-surveillance track
The AAIP addresses camera networks specifically through video-surveillance guidance. Earlier guidance associated with Disposicion 10/2015 was carried forward and updated by Resolucion AAIP 38/2024, which the agency issued to modernize how video-surveillance data is handled. Reporting and the AAIP's own materials indicate that this guidance reinforces the duty to inform people that they are being recorded, to limit retention, and to treat identifying biometric capture with the heightened care that sensitive data requires. Operators should read the current AAIP guidance rather than rely on the older 2015 text alone, because the 2024 update is the operative reference.
What the standard does not do
The sensitive classification does not ban facial recognition or video surveillance in Argentina. It conditions them. An operator with a valid legal basis, a clear purpose, and appropriate safeguards can still deploy biometric systems. The standard also does not convert every security camera into a biometric system. A camera that records footage without performing biometric identification sits under general video-surveillance rules, while a system that matches faces against a database crosses into sensitive-data territory. The distinction turns on whether the technology identifies individuals by their biometric traits, so operators should classify each system by what it actually does.
The 2026 activity
The topic stayed live in 2026. In June 2026 the AAIP reported that it took part in the 2026 meeting of the Ibero-American Data Protection Network, where its representative presented advances of the network's Digital Identity group and, in the agency's words, challenges linked to the use of biometric data and privacy protection were addressed. The same meeting approved updated 2026 data-protection standards for Ibero-American states. That regional posture signals continuity. Argentina is not stepping back from treating biometric data as sensitive; it is coordinating the approach across the region.
Pending reform
Separately, data-reform bills have been reported as pending in Argentina's Congress that would modernize the country's personal data protection law. As of this writing, the sensitive treatment of biometric data rests on the existing framework and AAIP guidance rather than on a new statute. Operators should track the reform because a revised law could sharpen the biometric rules, but they should not wait for it to act. The current standard already binds. A firm that pauses its compliance work in anticipation of a new statute would be exposed under the framework that governs today, and a reform, if enacted, is more likely to tighten the biometric standard than to relax it.
The cross-border angle
For a United States company operating in Argentina, this is a compliance obligation now, not a preview. A US retailer, security firm, or employer that runs facial recognition on Argentine soil is subject to the AAIP's sensitive-data treatment regardless of where the parent company sits. The approach also aligns Argentina with a broader pattern in which regulators classify biometric identifiers as high-risk personal data, which is a useful signal for firms planning multi-country deployments.
Frequently Asked Questions
What did Argentina's AAIP decide about biometric and facial-recognition data?
The AAIP treats biometric data, including facial-recognition templates and identifying images from video surveillance, as sensitive data under Argentina's personal data protection framework. Sensitive classification requires a stronger legal basis, a defined purpose, and added safeguards. The agency reinforced this through video-surveillance guidance updated by Resolucion AAIP 38/2024 and kept biometric work active into 2026.
Who is affected by this standard?
Public and private operators of facial recognition and video surveillance in Argentina. That includes retailers using facial recognition for loss prevention, building and event security operators, and employers using biometric access or attendance systems, along with the privacy officers responsible for those systems.
Does this ban facial recognition in Argentina?
No. The sensitive classification conditions facial recognition rather than prohibiting it. An operator with a valid legal basis, a single defined purpose, and proportionate safeguards can still deploy biometric systems. The standard raises the bar for justification and documentation; it does not remove the option.
Is a regular security camera covered by the biometric standard?
Not automatically. A camera that only records footage without identifying people by their biometric traits falls under general video-surveillance rules. A system that matches faces against a database performs biometric identification and is treated as processing sensitive data. Operators should classify each system by whether it identifies individuals biometrically.
What should an operator do first?
Inventory every camera and access point that performs biometric identification and, for each one, record the legal basis and the single purpose it serves. Then confirm the deployment follows current AAIP video-surveillance guidance, including notice and retention limits, before continuing to collect biometric data.
Sponsored Training
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.