The Communication of
Personal Data Messages in Mexico
Predictable
state of the art: public
administration, private developments and legislative efforts 2003-2004.
by
The communication of personal
data messages (ãPDMä) has been a developing field since the emergence of
information technologies (ãITä). It is linked to privacy rights, as well with
economic exchange terms. Marketing and credit transactions, direct marketing
and telemarketing, online and offline promotion, the rising of credit bureaus
and the need for modern emergent economies to have an open market for
information societies (despite of economic concentration) are reshaping
economies. In the middle of such evolution, exchange of personal data messages
are a battlefield of this IT new changing ways to make business, to provide for
governance and for public administration. This article draws an outline of the
legal protection of personal data in Mexico and of the main proceedings and
events in this area facing the challenges in 2004. This article has three
sections: The first one outlines the frame for PDM legal protection. The second
section deals with its administration and enforcement. The third describes
important cases, events and facts.
I. LEGAL FRAME
1. Constitution
Stated in the articles 7 and 16 of the Mexican
Constitution as an individual guarantee -that is to say the correlative
protection that the Mexican State grants to an individual right -, the rights
of the private life are conceived as rights of freedom of the person in their
spiritual aspect or right of freedom of privacy. They traditionally
include the inviolability of the address and the inviolability of the
correspondence, but article 16 does not include the explicit protection to
those concepts that have been extended to cover other more modern ones, among
them the right to the informational self-determination or over the own personal
data (as it is denominated by the German jurisprudence([1]), or also called right of cybernetic freedom (as it is
denominated by the Spanish jurisprudence (libertad informatica)([2]). Other independent rights
related to the previous ones are the right to the own voice and to the own
image that constitutes a right of the personality that is contemplated by the
civil legislation and by copyright law (intellectual property rights); the
right to privacy over the own body and its manifestations; the right to privacy
in social life in regard to diverse groups to which the person belongs; the right
to Honour, contemplated by the civil jurisprudence; the right to the freedom of
disposition and the reservation of the own identity expressed in the moral
right of the anonymous author, or to the use of a pseudonym, contemplated in
the copyright law; and the right to reserve of the own identity through the
information of the own genetic code, which it is not yet anticipated in the
Mexican Law.
The 16th Constitutional article in its first paragraph, protects the person, his/her family, documents
or possession, immunity that can only be broken by written order of the
competent authority. Also the tenth paragraph protects the privacy of the
correspondence
The constitutional reform published in the Official
Federal Diary (ãDOFä) on Wednesday July 3, 1996, adds paragraphs ninth and
tenth to the Constitutional 16th article, declaring the inviolability of the
private communications, and subdues the intervention to any private
communications to the exclusive authorization of the federal judicial authority
at request of the federal authority authorized by the law or by the Ministerio
Pœblico (prosecutor authority) of the
corresponding federal entity, establishing its conditions, and excluding the
matters of electoral, fiscal, mercantile, civil, labour, or administrative
character, and also in the case of the communication of the person under arrest
and his/her defender([3]). This constitutional
reform gave origin to the dispositions contained in its secondary law, the
Federal Law against Organized Crime (see infra). This is the main
foundation of the right to privacy in Mexico, as follows.
Ç Article 16
ÇNobody can be
bothered in its person, family, address, documents or possessions, but by
virtue of written order of the competent authority, that founds and motivates
the legal cause of the procedure.
[... ]
[... ]
[... ]
[... ]
[... ]
ÇIn all search
warrant, that only the judicial authority will be able to produce, it must be
expressed in writing the place that is to be inspected, the person or people
whom are to be arrested and the objects that are searched for, so as to limit
to the stated issues the proceedings, and in concluding them, a detailed record
must be written in the presence of two witnesses proposed by the occupant of
the place that was inspected or in their absence or refusal, by the authority
that practiced the proceedings.
ÇPrivate
communications are inviolable. The Law will penal sanction any act that
attempts against the freedom and privacy of them. Exclusively the federal
judicial authority, at the request of the federal authority that is empowered
by the law or by the holder of the Ministerio
Pœblico (prosecutor authority) of the
corresponding federal entity, will be able to authorize the intervention of any
private communication. The competent authority, in writing, will have to found
and to motivate the legal causes of the request, and also the kind, the
subjects, and the duration of the intervention. The federal judicial authority
will not be able to grant these authorizations in issues of electoral, fiscal,
mercantile, civil, labour, or administrative character, or in the case of the
communications of the person under arrest with his/her defender.
ÇThe authorized
interventions will adjust to the requirements and limits anticipated in the
law. The results of the interventions that do not fulfil these requirements
will lack all value as evidence.
ÇThe
administrative authority will be able to practice domiciliary visits only to make
sure that the sanitary and police regulations have been fulfilled; and to
demand the exhibition of books and the indispensable documents to verify that
the fiscal dispositions have been fulfilled adhering in these cases to the
respective law and the formalities prescribed for the search warrants.
ÇThe
correspondence that under cover circulates in the mail will be free of all
registries, and its violation will be punished by the law.
ÇIn time of peace
no member of the Army will be able to lodge in a private house against the will
of the owner, or to impose any benefit. In times of war the military will be
able to demand lodging, food and other benefits, in the terms that the
corresponding martial law establishes. È
We can appreciate Mexican Constitution still needs to
state personal or private data protection, in spite of the mention of the
connected guarantees of inviolability of the correspondence (16 Art. paragraph
third) and of inviolability of the address (Art. 16 paragraphs two and four).
The advance of IT and mass media and their penetration in society urge
legislators to bring up to date laws for the protection of the rights of the
people in the sphere of their confidentiality and privacy.
2. International treaties
Due to recent Jurisprudence of the Supreme Court of
Justice of the Nation ([4]), International Treaties
have an immediately inferior hierarchy to that of the Constitution, but
superior to federal laws; this is fully applicable to human rights (although it
is not always so in other areas, especially in fiscal matter). Mexico has
subscribed and ratified the following international conventions related to
fundamental rights of privacy ([5]): Universal Declaration of
Human Rights (1948) article 12; the articles 5, 9 and 18 of the American Declaration
of Rights and Duties of Mankind (1948); the International Pact of Civil and
Political Rights (1966) article 17; The American Convention of Human Rights or
Pact of San JosŽ, Costa Rica (1969) article 11; The Convention regarding
Children's Rights (1989) article 16. Also the International Agreement on
Telecommunications (
3. International Obligations in regard to Privacy
4. Guidelines of the OECD
In the American continent only Mexico is part of the
OECD from May 18, 1994 together with United States (1960) and Canada (1961).
The maximum authority of the Organization, the Council of the OECD, adopted on
September 23, 1980 the Recommendation of the Council about the Guidelines for
the Protection of Privacy and the free Flow of Personal Data over the border
(Document C(80)58(last part), of October 1¡, 1980)
that has been the foundation for the development of multiple national and
international policies, as well as of arduous pursuit tasks ([7]).
The guidelines of the OECD is composed by eight basic
principles that will be translated in diverse ways for the national application
of each country member, and that Mexico will take care of incorporating to its
internal juridical order. The aforementioned principles, in accordance to the
Recommendation and Limits, are: 1. Collection Limitation Principle; 2. Data
Quality principle; 3. Principle of Purpose Specification; 4. Restricted Use or
Limitation Principle; 5.- Security Safeguards Principle;
6. Openness Principle. 7. Principle of Individual Participation; and 8. Principle of Accountability ([8]).
5. Guidelines of the United Nations
The General Assembly of the Organization of the United
Nations adopted on December 14, 1990 the Resolution 45/95, that deals with the
limits for the regulation of the computer files of personal data (Document
E/CN.4/1990/72) ([9]).
This resolution has had a long and risky life,
including among its main moments, the emission of a special Report:
E/CN.4/1997/31, the emission of the Document E/CN/.4/1997/67, and the Decision
of the Commission 1997/122 of April 16, 1997 (E/CN.4/1999/88).
Mexico revised the consultation requested by the
Commission of Human Rights, of the Economic and Social Committee of the Organization
of the United Nations, in its session Fiftieth third, October 21, 1996, just as
it is written in the report E/CN.4/1997/67 of January 23, 1997 ([10]).
The limits related to the files of computerized
personal data are structured around eight principles, enunciated by the UN as
follows: 1. Principle of lawfulness and fairness 2. Principle
of Accuracy. 3. Principle of the purpose-specification. 4. Principle of
interested person access. 5. Principle of non-discrimination. 6. Power to make
exceptions 7. Principle of Security. 8. Supervision
and Sanctions. 9. Trans-border data flows. 10. Field of Application: to all,
public and private data bases.
6. Secondary laws
Some statutes already dealt with the right to privacy
and somehow made reference to personal data. They can be looked up in:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/leyes2.htm
The national legislative panorama has been enriched in
2003 with the decrees issued on the Federal Law of Transparency and Access to
the Government Public Information (ãLFTAIPGä) ([11]).
The main contribution of the LFTAIPG has been the
standardization of the principles under which the diverse organs of the State
must give treatment to the personal data of the citizens, safeguarding the
principles of consent and purpose, and guaranteeing the rights of access and
correction to personal data. However, the law lacks better protection for the
purpose of guaranteeing greater levels of security for the private data, by
having better and suitable law enforcement mechanisms and authorities.
These laws are completed by reforms to the legal
framework for information societies (ãSISä), recently enacted (DOF I-23-2004).
7. Freedom of Information Laws
The Federal Law of Transparency and Access to the
Government Public Information (ãLFTAIPGä) ([12]) went into effect on June
12, 2003 for all the obliged people (the Executive Power with all its
dependences and entities in the Federal Public administration; the Legislative
and Judicial Powers, the autonomous constitutional organs: Electoral Federal
Institute (IFE), Banco de MŽxico ãBANXICOä, and Comisi—n Nacional de Derechos Humanos (CNDH); the
public universities of national reach such as the Universidad Nacional Aut—noma de MŽxico
(UNAM) and the Universidad Aut—noma Metropolitana (UAM), they also began to emit their
respective legislation of conformity with the transparency and accountability
principles of the LFTAIPG, or the regulation to orchestrate the Federal Law
starting from that date.
Besides the Federal Law that inspires all them, there
are six inferior juridical dispositions that regulate this matter in the
Federal Public Administration (Executive power); seven inferior dispositions in
the Judicial power and other tribunals; three
normative dispositions in the Legislative Power; five for the autonomous
constitutional organs; and two for the national public universities. They can
be consulted in a synoptic way in:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/correlacion-leyes.htm ([13]).
8. Other related dispositions
The installation of the Unique Identification of
Population Registration (ãCURPä) continues in its final phases. That
identification has the particularity of conferring an unique code for each
citizen with which one can have direct access to multiple personal data;
because of this, it could attempt against the principles of security and
consent of the OECD, although it is argued that it fulfils the Limits of the UN
([14]). Also in process is the
installation of the Mexican Consular Registration for the immigrants
-documented or illegal aliens-- to the United States ([15]). There are likely to
succeed some initiatives promoted by the financial sector concerning free flow
of financial information ([16]).
II. PUBLIC
INTEREST AND PRIVATE BUSSINES: PUBLIC ADMINISTRATION AND LOBBYING GROUPS
9. National Authority of Personal Data
There is a National Authority of Personal Data only
for the Federal Public Administration: the Federal Institute of Access to Public
Information (ãIFAIä), which has a General Direction of Personal Data (ãDGDPä);
technically, it is under the Secretary of Agreements (together with the
Executive Ministry, both aid to the plenary session formed by the five
Commissioners that meet to solve the controversies presented on the right to
access to public information (or to the right of access andÊ rectification of the personal data).([17])
We still do not know if the Federal Law of Personal
Data, approved in the Senate in 2002 ([18]), but still to be
discussed by the present LIX Legislature of the Chamber of Representatives
(Deputies), integrated July 7, 2003, which sessions started on September 2003,
will modify the nature, attributions and functions of the organ of national
authority in the matter. There is a chance for the lobbying groups of issuing
another law project(s), or joining the first one ([19]). As it seems, senatorâs
Garcia Torres newest initiative contemplates building up a new national
authority of personal data, the Instituto Nacional de Datos Personales. This amendment of the original project and of
the approved Law Initiative (still pending for approval in the Representatives
Chamber) may be backed up by the federal administration (SHCP, Banxico, SE), and may cause the legislative process start
again from the beginning. The conformation of the political partiesâ fractions
in the lower Chamber may cause an stagnation for this
initiative, which is not in the top priorities of the political agenda.
If it is not legislated otherwise, and in accordance
to what is now stated in the LFTAIPG, the DGDP would not have attributions to
intervene in matters of personal data of the other powers of the State (the
Legislative and the Judicial Branches), neither does it have authority over
organs or in matters of the federal entities (local or municipal government).
As it is now conceived the DGDP-IFAI has not authority
(jurisdiction) when the personal data is in the hands of private people or
entities, even those destined to provide information. We hope the comprehensive
Personal Data Law to be enacted will solve those problems conferring IFAI
attributions enough.
Besides DGDP-IFAI we can find multiple organs for the
protection of data, belonging to different branches of t he State, always
linked to the right of access to public information.
But we are also in front of an authority lack of
coordination, and legislative emptiness in other sectors such as the particular
individuals and the private corporations. Nowadays there are several separate
governmental agencies dealing with personal financial data: Ministry of Finance
(SHCP); Central Bank (BANXICO);
The best legal option would be to have a national
authority with characteristics and functions similar to those of the national
agencies for the protection of data([21]) of the member countries
of the European Community, which is a requirement to establish cooperation
agreements: a similar level of protection conferred by Law, with a national
authority responsible for its application ([22]).
10. Law Enforcement
There are administrative and judicial instances to
enforce the Law regarding the access to government public information and
personal data. In order to guarantee the minimum rights written down in the
Law, there are procedures for the access and correction of data, as well as the
appeal for review, both in an administrative instance. If the person persists
on the dissent of the matter, he/she can go to the judicial instance, either by
means of the Juicio de Amparo
(a safe, fast and effective procedure to safeguard the individual rights
granted by the Constitution to all citizens and persons), or another procedure
before the tribunals .
11. Related Non Governmental Organizations
At the present time there are no civil organizations
specialized exclusively in the procurement and legal protection of the privacy
rights. There are, on the other hand, various associations and centres
dedicated to the study, publication and promotion of transparency, right to
know and access to public information. Libertad de Informaci—n MŽxico (ãLIMACä) (Freedom of Information
Mexico); Fundacion Informaci—n
y Democracia (ãFIDACä) Foundation Information and
Democracy); Proyecto Atlatl;
the Universidad Nacional Aut—noma
de MŽxico (UNAM) in the Instituto de Investigaciones Jur’dicas (Law
Research Institute) and Facultad de Derecho (Law School), and the Centro de Investigaci—n
y Docencia Econ—mica (Center for Research and Economic Teaching) (CIDE), and the Programa Iberoamericano de Derecho de la Informaci—n,
Universidad Iberoamericana (UIA), among others, are
in charge of it ([23]).
III. MAIN FACTS
AND EVENTS INFLUENCING THE FATE OF PDM REGULATION AND DEVELOPMENT
12. The Personal Data and the Private Sector
It is necessary to consider the rights of the
citizens' privacy in front of the other citizens, in front of the diverse civil
organizations, and in front of the companies, some of them big and powerful
trans-national corporations, others simply oriented to provide personal
information in a small measure and with narrow purposes, but always outside of
the personal use of a single holder. Explicit law regulation in respect to
personal data is required in a democratic system with civil liberties
constitutionally granted. The contractual relationships justify the possession
of personal information by several people and organizations that information is
used for certain purposes, and for a certain cost, and it becomes merchandise
in the current productive cycle. The rights of people's privacy can suffer
abuses if there is not an explicit regulation on direct marketing in the
consumer protection dispositions. It is needed, on the other hand, to promote
open markets for information societies.
Telephone calls, advertising promotion by postal mail
and by electronic mail; not requested fax; etc., constitute intrusions in the
private life that should require by law consent of people to be included and/or
excluded, previous or later, in a database with marketing purposes. Another
very important aspect is the credit reports, where the personal data of the
people subject of credit are used with the purpose of guaranteeing the
viability of the domestic financial system of the country, that is to say, the
public interest. But credit information can also be abused in several ways:
when the instalments are enlarged more than it is reasonable; also in the case
of the ãright to forgetä or ãright to oblivionä: the report of insolvency should
not be prolonged for more than a reasonable number of years, i. e. five, after regularization (such is the term fixed by
the Colombian jurisprudence. The usual term in Mexico is seven years. ([24]). Other practices to
follow are the personal sensitive data processing within the financial,
marketing or credit report in the same database, (situation prohibited by the
European Directive, although it is an usual practice
in some of the American marketing).
All the above-mentioned is important because it is
necessary that the next Federal Law of Personal Data contemplates appropriate
and thoroughly all those suppositions where the rights of the citizen's privacy
over his/her data find a balance with the rights of the society to know them,
as well as the proper design of the attributions and powers of the organ or
national authority in the matter ([25]).
But above all, making sure the enforcement of the law,
there is a unique chance to enact a personal data comprehensive law which take
into consideration the peopleâs needs, the use of the information for the
benefit and fulfilment of the real needs of ordinary people, boosting the
economic system, reducing transaction costs and expanding Mexican internal
markets.
13. Recent cases of importance
Although we could find some more ([26]), three matters have
mainly monopolized the attention of the media in regard to privacy. The first
one, the persecution of the companies that, violating the principle of the
consent of the holders of the data, made use of diverse databases like the
federal electoral census, the vehicle registration, the registration of the
driving licenses, etc., to sell them to the North American companies ãChoicepointä and
other ones; which became suppliers of the government of the United States,
especially of the government agency INS (Immigration and Naturalization
Service), among others. The facts were already known (EPIC had given the news
more than one year before, including copy of the document as a proof ([27]), but the matter didn't
take entity until the newspaper Reforma, of
Mexico City, published in its front page the news on April 13, 2003, and from
that date on continued to investigate the facts spreading the news to other
media ([28]).
The second important matter is related with the
implementation of diverse control measures in the borders of the United States
and Mexico, and of Mexico and Guatemala. The fight against the terrorism is
important, and has forced to measures of biometric identification of prompt
implementation, as well as to the United States government's critic to the
security of the consular documents of identification of Mexicans that ended up
as valid identifications with effect before the authorities of the United
States ([29]),
although the measures in the anti-terrorism fight seek to harden the standards
on the part of authorities of the American government. Private companies began
to sell chips for medical purposes or for security and location or persons ([30]).
A third matter refers to the opening of the secret
files from the government relative to the events of 1968 and the denominated
ãdirty warä ([31])
against the social movements and guerilla fighters
of the decade of the seventies. This opening happened in the previous stage to
the existence of the LFTAIPG. It is written in its article 14 in fine (and
it is repeated later on by the diverse laws in the matter, especially those of
the Judicial power) that it will not be considered reserved all information
related with the investigation of serious violations of fundamental rights or those
considered crimes against mankind (delitos
de lesa humanidad) that
appears in the public files. Serious violations to human rights in the past
were the slaughters of 1968 ([32]30), of 1971 ([33]), the ãdirty warä, as
well as the abuses of the Secret Police Corps. ([34])
14. Anti-terrorist battle and erosion of private life:
impact on Mexico of the policies of the United States. The
common border and the bi-national security issues.Ê
The records of the negotiations between the United
States and the European Community in regard to the protection of personal data
point out a difficult way. The rights of people should not be in conflict with
national security, although the experience frequently dictates the opposite in
this stage post S-11. The bi-national agenda US-Mexico should contemplate
safeguards of the human rights of the immigrants, whether they be legal
immigrants or illegal aliens, including collaboration from the authorities on
both sides of the frontier to guarantee the respect to the fundamental rights
of people, which includes the establishment of clear rules and principles for
the treatment of the personal data, in conformity with international law and
with the principles accepted by both countries, in harmony with the systems
that better guarantee, because of its high standards, the protection of the
human rights in this matter, trying to offer the homologation in particular
with the protective system of the European Union, and also trying to find the
roads for the summing up of the bi-national Agreement for the Exchange of Data,
similar to the Safe Harbour Agreement between the State Members of the European
Community and the United States. We shall follow carefully the Patriot Acts I
and II proceedings, and its related agenda ([35]) as well as their countermeasures
([36]). The Foreign
Intelligence Surveillance Act (FISA) and related regulations are to be
considered in the bi-national security talks ([37]) involving privacy.
* This article was prepared as a previous version for
the PHR 2003, Privacy and Human Rights Report 2003, and it was partially rewritten, amended and updated for its publication
in CMLJ 4. It can be retrieved online from:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/cmlj4.htm and for it
Spanish version, in: http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/dci4.doc
[1] ÊInformationelle Selbstbestimmungsrecht. See: BVerfGE 65, 1 (42).
http://www.datenschutz-unddatensicherheit.
de/jhrg22/edit9802.htm Also:
http://www.cs.unimagdeburg.de/~sschimke/informationelle_selbstbestimmung.html ,
http http://ig.cs.tuberlin.de/da/041/Kapitel3.htm ,
http://www.datenschutz.mvnet.de/taetberi/tb1/1_1.html ,
http://www.datenschutz.mvnet.de/taetberi/tb1/1_1.html
, http://www.datenschutz-berlin.de/jahresbe/95/sonstige/an4.htm and many
other.
[2] Sentence
254 of 1993: it was the first one to recognize such right. Sentence 143 of May
9, 1998: tributary
identification number; it is against the law and against the right to
associate in free trade unions to use trade
union personal information to grant discounts or other benefits;
Sentence of November 8, 1999: about the
medical diagnosis and the workers consent; Sentences 290 and 292, 2000,
against the former Spanish Data
Protection Law (LORTAD): there is a fundamental right of cybernetic
freedom (ãlibertad inform‡ticaä).
See:
http://www.tribunalconstitucional.es/STC2000/STC2000- 290.htm and
http://www.tribunalconstitucional.es/STC2000/STC2000- 292.htm
[3] ÊFor a description of the situation before the
Constitutional reform and the proposals that drove to it, cfr.
Ignacio Carrillo Prieto and HaydŽe M‡rquez Haro.- La
Intervenci—n Telef—nica Ilegal. Comparativo
Internacional y
Propuesta Informativa. (Procuradur’a General de la Repœblica, MŽxico
1995) 197.
[4] Amparo en revisi—n 1475/98 and
Tesis P.LXXVII/99. Semanario Judicial de la
Federaci—n y su Gaceta, novena Žpoca, v. X, November
1999, p. 46. Cfr. Manuel Becerra Ram’rez, Jorge Carpizo, Edgar Corzo Sosa, Sergio L—pez Ayll—n, Cuestiones
Constitucionales 3 (julio-diciembre 2000),
http://www.juridicas.unam.mx/publica/rev/cconst/cont/3/cj/cj7.htm
[5] A
synoptic view of the texts specifically dealing with privacy in those Treaties
subscribed by Mexico can be found in: http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/ti.htm
[February 2004].
[6] The
last published instrument is: Plenipotentiary Conference (Minneapolis, 1998)
that contain the amendment Instruments to the Constitution and the Agreement of
the International Union of Telecommunications (Geneva, 1992) with the
Amendments adopted by the Conference of Plenipotentiary (Kyoto, 1994), DOF, 20
November 2000 (it is not still in vigour in Mexico). Precedent Conferences:
Constitution and Agreement of the UIT, Geneva 1992, Modified for the Conference
of Plenipotentiary (Kyoto 1994); Constitution and Agreement of the UIT, M‡laga, Torremolinos, October 25,
1973, ratified by Mexico, 23 of July 1975, published DOF, 23 January 1976. International Agreement of Telecommunications. General Regulation Final Protocol of the Agreement.
Additional protocols to the Agreement Resolutions, Recommendations and Vote.
Geneva, Switzerland, December 21, 1959. Ratified by
[7] A
short version of the OECD Guidelines can be consulted in:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/principios-ocde.htm
[February 2004].
[8]Ê Organisation
for Economic Co-Operation and Development. OECD Guidelines on the Protection
of Privacy and Trans-border Flows of Personal Data. Paris, France, 2002, 62. ISBN 92-64-19719-2. It includes: Declaration on Trans-border
Data Flows (1985), andÊ
Ministerial Declaration on the Protection of Privacy on Global
Networks (1998).
[9] United
Nations Guidelines and Principles can be consulted in Spanish in: UNO website,
http://193.194.138.190/spanish/html/menu3/b/71_sp.htm In English:
http://193.194.138.190/html/menu3/b/71.htm [February 2004]. For a review in
Spanish, see: http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/principios-onu.htm
[10] Êhttp://www.hri.ca/fortherecord1997/documentation/commission/e-cn4-1997-67.htm , search under ãMŽxicoä.
[11] DOF
[12] DOF
Tuesday, June 11, 2002, 11 cfr.:
http://profesor.sis.uia.mx/aveleyra/comunica/leyes/latip.htm [July
2003]. See it also in: http://www.segob.gob.mx/dof/2002/junio/dof_11-
06- 2002.pdf
[13] ÊFor a previous
version of the research before the issuance of the 2003 regulations, see: Antonio M. Aveleyra, El Derecho de Acceso a la
Informaci—n Pœblica vs. el Derecho de Libertad Inform‡tica (ÀConflicto
entre el Derecho a la Informaci—n y el Derecho a la Intimidad de los Datos
Personales?) aportaciones desde la teor’a del derecho. Jur’dica, Anuario del
Departamento de Derecho de la Universidad Iberoamericana 32 (Mexico city 2002) 403-443. Available online:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/pdp.htm
. Freedom of information and access to public information laws can be
reached at: http://www.limac.org.mx , in
http://fidac.org.mxÊ , http://atlatl.org.mx
, and in http://profesor.sis.uia.mx/aveleyra/comunica/leyes/daip/ [February
2004].
Ê
[14] ÊSee:
http://www.hri.ca/fortherecord1997/documentation/commission/e-cn4-1997-67.htm
Look under ãMexicoä [February 2004].
[15] ÊFor a review of the news on these topics, cfr.:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/noticias/ [February
2004].
[16] ÊSee the excellent research
of Rafael del Villar, Alejandro Diaz
de Le—n and Johanna Gil Hubert: Regulaci—n de Protecci—n de Datos y de Sociedades
de Informaci—n: Una Comparaci—n de Pa’ses Seleccionados de AmŽrica Latina, los
Estados Unidos, Canad‡ y la Uni—n Europea.
http://www.banxico.org.mx/gPublicaciones/DocumentosInvestigacion/docinves/doc2001-7/doc2001-7.pdf .
Available in English in: http://www1.worldbank.org/finance/assets/images/Regulation_of_Personal_Data_Protection.pdf
[February 2004].
[17] The
intended structure of DGDP/IFAI will have one Director General; under, one Area
Director of Protection of Personal Data; a Sub Director of Confidential Information;
a Data Bases Director; a Data Bases Sub Director; a Chief of the Department of
Data Base Maintenance; an Executive Assistant; and an Administrative Assistant.
(IFAIâs answer to public information request, July
22, 2003, information confirmed in February 2004).
[18] Minuta con Proyecto de Decreto por el que se Expide la
Ley Federal de Protecci—n de Datos Personales - abril 30, 2002. Legislatura
LVIII, A–o 2, Periodo 2, No. Gaceta 55, Date April 30, 2002.
http://www.senado.gob.mx/gaceta/107/107m.html [February 2004].
[19] COFEMER (Comisi—n Federal de Mejora Regulatoria, Secretar’a de Econom’a), issued a legal opinion against the law as
enacted in the Upper chamber, available at:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/opinion-cofemer.doc
Garcia Torres original initiative was modified by Banxicoâs
team withdrawing from it the right of privacy for corporations; establishing
the rules for the information societies in a separate law, Ley
para Regular las Sociedades de Informaci—n Crediticia, enacted in January 15, 2002; and establishing
IFAI as national authority. A review of Banxicoâs
opinions from Senator Antonio Garcia Torres, at the Antigua, Guatemala,
--meeting organized by the Spanish Government Agencia
Espa–ola de Protecci—n de Datos for the Ibero-american
Governmental Data Agencies-- is available at:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/antigua/garcia-torres.doc
(accordingly to public information granted by IFAIâs
delegate to that meeting, the General Director for Studies and Research, Dr.
Eduardo Guerrero GutiŽrrez).
The terms of debate
are as follows: COFEMER and BANXICO, separately, argued for the conformation of
markets for information societies, i. e., credit
bureaus and marketing businesses; to introduce data comptrollerâs duties and
rights; competition conditions for the information societies.
It is un-accurate to
sustain as a Banxicoâs proposal the mandatory sell of
the credit bureauâs shares as it has been said, but it is seen as a convenient
measure the political persuasion for the de-investment of the main shareholders
(Banks), which are at the same time the main users of the services of Bur— de CrŽdito (Trans Union +
Dun & Bradstreet + Banks) from the monopolistic credit society --due to the
fact that the other formerly operating credit bureaus companies, linked to some
of the main American companies i.e. Equifax, since mid 1996 till the beginning
of 2000 in which was closed, and to local Mexican capitals--, fall into
bankruptcy because, among other things, of the high transaction costs derived
from a very poorly designed concept ofÊ
ãsharable data baseä which was approved by some of the second level
officers in the Secretar’a de Hacienda, as it was
issued in the several governmental regulations (art. 33 of Ley
para Regular las Agrupaciones Financieras, related
to the following regulations: DOF February 15, 1995; September 1997; December
27, 1996; March 18, 2002; August 14, 2003), all of which were recently
superseded by the Ley para
Regular las Sociedades de Informaci—n Crediticia, DOF
January 15, 2002, with its most recent amendments in January 23, 2004; for the
previous facts cfr. the outstanding research of
Rafael del Villar et
alii, Regulaci—n de Protecci—n de Datos y de Sociedades de Informaci—n: Una Comparaci—n de Pa’ses Seleccionados de AmŽrica Latina, los Estados Unidos, Canad‡ y la Uni—n Europea, cit. at note 16 supra.
The conformation of
an open market for information societies including the credit bureaus, giving
more efficiency to the economic system and real care for the fundamental rights
of the people, is a strong need in Mexico which has to be satisfied sooner or
later! A legal framework for credit reports reselling; to include the ãopt-outä
system instead of the ãopt- inä followed in the law (that is, not to require
the consent of the personal data owner prior
to the creation of the database, but the possibility of excluding of the
personal data afterwards); and the
review of the procedural framework for the enforcement of the personal data
protection law, were some other arguments discussed among COFEMER team and the
supporters of Garcia Torresâs first proposal.
[20] Accordingly
with Ley Org‡nica de la Administraci—n Pœblica Federal,
article 26, there are 18 Secretarias (Ministries) and
one Consejeria Juridica in the Central
Public Administration. Besides that we have the Administracion
Publica Paraestatal (decentralized
organs, corporations with public investment, national banks, national credit
organizations, national insurance and guarantees organizations, trusts). For an
analysis of the extent of the personal data managed by the Federal Public
Administration in Mexico, see:
http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/dp-apf.htm
[February 2004].
[21] 12 Cfr. Aveleyra, Antonio.- îrganos Nacionales
relacionados con la protecci—n de datos personales. Universidad Iberoamericana,
July 2003. http://profesor.sis.uia.mx/aveleyra/comunica/privacidad/onpdp.htm
[February 2004].
[22] Argentina,
per example, obtained the certification of having an equal level data
protection in the European Union: COMMISSION DECISION of 30/06/2003 pursuant to
Directive 95/46/EC of the European Parliament and of the Council on the
adequate protection of personal data in Argentina.Ê See:
http://europa.eu.int/comm/internal_market/privacy/docs/adequacy/decision-c2003-1731/decisionargentine_en.pdf
and also http://www.protecciondedatos.com.ar/decen1731.htm
[23] For a survey of the NGOâs
process, see: Talli Nauman,
Mexicoâs Right-to- Know movement Citizenâs Action in the Americas n. 4,
February 2003, http://www.americaspolicy.org/citizen-action/series/04-rtk.html
For a listing of some of the NGOâs see:Ê
http://www.americaspolicy.org/citizen-
action/series/04-rtk_body.html#mexican
[24] ÊFor personal credits the right to oblivion is seven
years (as stated in the Article 23 of Ley de Sociedades de Informaci—n Crediticia), but the credit shall be completely closed or
already paid; ãwith no juridical relationä which means paid freely and with no
enforcement of lawyerâs firms or debt collection agencies: and ãwith no
judicial sentence again st the debtorä and only when
the credit is not more than 300,000 UDIâs, around one
million pesos Mexican currency. For societies there is no right to oblivion.
Cf.:
http://www.burodecredito.com.mx There are some reports stating that the