Mexico: Privacy and Data Protection-related Laws
Privacy Law (source)
- The right to privacy is ensured by Article 6 of the Mexican Constitution, which stipulates: “Information regarding private life and personal data shall be protected according to law and with the exceptions established therein.”
- These exceptions include national security reasons, law and order, public security, public health or the protection of a third party’s rights.
- Mexico has also ratified several international agreements relevant to privacy including:
  - The Universal Declaration of Human Rights;
  - The International Covenant on Civil and Political Rights;
  - The American Convention on Human Rights; and
  - The International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families.
Data Protection Law (source)
- A few different pieces of legislation, primarily the 2010 Federal Law of the Protection of Personal Data held by Private Parties, regulate data protection in Mexico. For other laws relevant to data protection see here
- The data protection agency in Mexico is the National Institute for Transparency, Access to Information and Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, ‘INAI’)
- More information can be found here
Privacy and Data Protection Laws and their Relation to Blockchain
- There is currently not a lot of discussion around how privacy and data protection laws relate to the use of blockchain in Mexico. However, as cryptocurrencies are now regulated under the law, they are also subject to the existing privacy and data protection legislation (source)
- Fintechs, like all other businesses in Mexico, must provide individuals supplying data with a privacy notice
- Additionally, like all other businesses, Fintechs must process personal data in accordance with the principles of consent, information, data quality, due purpose, proportionality and responsibility
- Finally, also like other businesses in Mexico, Fintechs must develop adequate safeguards and security measures to protect personal data
- One interesting aspect of the Fintech law is that it introduces the obligation of financial entities to establish programming interfaces for standardized computer applications (Application Programming Interfaces or APIs) that will enable connectivity and non-discriminatory access to other interfaces. (source)
- The Law adopts an open API model, under which any entity can request access to another participant’s interface in exchange for a fee, with prior approval from the corresponding Supervisory Committee or the Bank of Mexico, per the entity in question
- Commentators have argued that the open API scheme has implications in terms of personal data protection but have not discussed these implications extensively
Sources