On January 18, the Mexican data protection authority (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales or "INAI") set forth guidelines for data controllers (source document in Spanish) on using INAI's website as a compensatory measure to deliver privacy notices to data owners. Data controllers may use compensatory measures when it is impossible to deliver privacy notices directly to data owners or if such delivery involves disproportionate efforts. Under the guidelines, a data controller may use INAI's website to publish a privacy notice if: (i) the data controller is authorized by INAI to implement a compensatory measure or is exempted from obtaining such authorization; (ii) does not have a website of its own; and (iii) the privacy notice complies with all legal requirements.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.