5.1 KiB
Retention · Argentina
Regulatory baselines for video retention in Argentina. Used to set defaults in the first-boot wizard and to inform sales conversations.
Disclaimer: This is a working summary, not legal advice. Customers must consult counsel for binding interpretation in their context. Document drafted for internal Blocao Labs use.
AAIP general guidance
The Agencia de Acceso a la Información Pública (AAIP) is the federal data protection authority in Argentina, applying Ley 25.326 (Ley de Protección de los Datos Personales).
Key references:
- Ley 25.326 (Protección de Datos Personales).
- Resolución AAIP 4/2019 — guidance on video surveillance.
General principle: video that captures identifiable people is personal data. Retention must be:
- Limited in time to what's strictly necessary for the stated purpose.
- Proportional to the risk being addressed.
- Documented in a privacy policy / register of processing activities.
De-facto baseline: 30 days is widely accepted as a starting point for general security purposes. Longer retention requires documented justification (insurance requirement, regulatory mandate, ongoing investigation).
CABA Ley 5.688 (Sistema Integral de Seguridad Pública)
For the City of Buenos Aires specifically:
- Public-space surveillance cameras: up to 60 days retention permitted.
- Longer retention requires judicial authorization.
- Operated by the city or by the city under contract.
For private establishments in CABA the AAIP general rule applies (~30 days default). The 60-day rule is for public-space cameras specifically.
BCRA standards (banking)
The Banco Central de la República Argentina issues standards for the banking sector. For bank branches and ATMs:
- Minimum 90 days retention for camera footage.
- Specific positions (entrance, ATM, teller area) may have additional requirements.
- Audit trails for who accessed footage, with retention of those logs.
Banks are usually the customers with the longest retention requirements in Argentina.
Other sectors
- Casinos / gambling: provincial regulation, often 30-90 days.
- Logistics / customs: AFIP / customs authority may require specific retention for goods movement (typically 30-180 days).
- Healthcare: depends on jurisdiction; usually similar to general AAIP (30 days) plus medical record co-retention rules.
- Education: AAIP general; some provincial education ministries have specific guidance.
How Blocao maps these to wizard defaults
In the first-boot wizard, when country = Argentina, the retention step offers:
| Preset | Duration | Use case label |
|---|---|---|
| Conservadora | 14 days | Minimal retention; AAIP-compliant for low-sensitivity sites |
| Estándar (default) | 30 days | General purpose; AAIP-aligned |
| CABA pública | 60 days | City of Buenos Aires public surveillance |
| BCRA bancaria | 90 days | Banking sector minimum |
| Personalizada | configurable | Set numeric value with justification |
Selecting a preset writes:
frigate.config.yml: per-camera retention.site-configrepo: retention policy with regulatory basis annotation.- HEALTH selftest: tests verify retention is not exceeded (oldest clip date matches policy ±1 day).
Privacy notice / signage
Argentine law requires conspicuous signage informing people they are being recorded. Blocao does not generate signage — that's a customer responsibility — but the documentation reminds customers and points to AAIP's signage templates.
Documenting purpose
Every Blocao deployment should have a documented purpose:
- "General security and theft prevention."
- "Compliance with [specific BCRA standard]."
- "Insurance documentation."
The wizard prompts for this purpose during retention setup. The text is stored in the site-config repo as purpose.md. This serves as the start of a "registro de actividades de tratamiento" required by AAIP.
Subject access requests (DSAR)
A person captured on Blocao footage can request:
- Confirmation that they are recorded.
- A copy of their footage.
- Deletion (subject to legitimate-purpose exceptions).
Blocao's FORENSICS panel makes this tractable: search by face/identity (post-MVP for face recognition), by time + location, export.
The customer is responsible for handling DSARs. Blocao provides the tools.
When this changes
AAIP and provincial regulators are actively updating guidance. Significant areas to track:
- Facial recognition specific rules — already discussed in CABA, federal-level under consideration.
- Cross-border data flow — if AAIP follows the EU's Schrems II direction, this strengthens Blocao's sovereignty positioning further.
- Retention period harmonization — possible federal standardization in coming years.
When new guidance lands, this document gets a new revision (commit history) and the wizard presets get updated via fleet-config.
See also
retention-eu.md— EU jurisdictions for comparison.../../decisions/0008-retencion-30d-default-argentina.md— the ADR setting the default.