Mexico Issues Highly Anticipated Data Protection Law Guidelines
On January 17, 2013, the Mexican Ministry of Economy (Secretaría de Economía) published in the Mexican Official Gazette of the Federation (Diario Oficial de la Federación) the Guidelines applicable to the Privacy Notice (the “Guidelines”) referred to in the Mexican Data Protection Law (Ley Federal de Protección de Datos Personales en Posesión de los Particulares)(hereinafter, the “Law”). The Guidelines are mandatory and will become effective on April 17, 2013. The Guidelines can be accessed in Spanish here.
The Guidelines replace the “Guide to prepare a Privacy Notice” issued in 2011 by the Mexican Federal Institute of Access to Information and Data Protection (Insituto Federal de Acceso a la Información y Protección de Datos) or IFAI.
The main purpose of the Guidelines is to compile, describe and set forth the scope of the provisions applicable to the preparation of the privacy notice that all persons and entities that collect personal data need to communicate to individuals providing said data.
Also, the Guidelines cover, among other matters, the following:
(i) the applicable type of privacy notice and the timing when the same should be disclosed;
(ii) the content of the privacy notice and practices to be avoided (e.g., the use of inexact, ambiguous or vague phrases);
(iii) the use of the different types of privacy notices (e.g., full version, simplified version or short version);
(iv) the use of the privacy notice when using cookies, web beacons or similar technologies, and
(v) a list of optional “best practices” that, although not mandatory, their observance will certainly help to fully comply with the Law.
The issuance of the Guidelines invariably requires that entities and individuals that handle personal data review their data protection policies to confirm that the same comply with the Law, its regulations and the Guidelines.
Jose Antonio Butron contributed to this article.