Data Protection Regulation in Mexico

A Data Protection federal statute is currently in full force and effect in Mexico (together with several regulations deriving therefrom), however such legal instruments are exclusively directed to the public sector. The referred statute is called Federal Law for Transparency and Access to Public Government Information ("Ley Federal de Acceso a la Informacion") and a synthesis (in English) can be found at www.ifai.gob.mx)

IFAI has recognized the urgent need to create a new law capable to regulate the private sector activity with respect to data processing (in fact some references to international laws can be found in their webpage at http://www.ifai.org.mx/datos_personales/internacionales.htm)

As a result of the above, several efforts have been made by certain Mexican MP's which have presented a federal law initiative on data protection currently approved by the Camara de Senadores ("House of Lords") in 2003 and is pending for the approval of the Camara de Diputados ( "House of Commons") (the Spanish version of such initiative can be found at http://www.cddhcu.gob.mx/servicios/datorele/cmprtvs/1po2/set/2.htm)

In my opinion, this initiative follows a hybrid method (as most of Mexican statutes do) because on one hand it tries to follow the American approach (as it is stated in some of its Recitals), but on the other hand there are some provisions that are apparently based on the 1995 EC Directive (e.g. the language contained in Article 6 is apparently based on Recital (30) of the EC Directive 1995 when stating that the processing of personal data must be carried out with the consent of the data subject)

However, a more deeply analysis to this initiative has to be made in order to be able to establish an accurate opinion

Finally, only two Mexican States (i.e. Colima and Coahuila) have approved a Regional Data Protection Law aimed to the Private Sector