On January 18, the Mexican data protection authority
(Instituto Nacional de Transparencia, Acceso a la
Información y Protección de Datos Personales or
"INAI") set forth guidelines for data controllers (source
document in Spanish) on using INAI's website as a compensatory
measure to deliver privacy notices to data owners. Data controllers
may use compensatory measures when it is impossible to deliver
privacy notices directly to data owners or if such delivery
involves disproportionate efforts. Under the guidelines, a data
controller may use INAI's website to publish a privacy notice
if: (i) the data controller is authorized by INAI to implement a
compensatory measure or is exempted from obtaining such
authorization; (ii) does not have a website of its own; and (iii)
the privacy notice complies with all legal requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.