By Tania Gorostieta

The technological progress in Information Technologies and computer networks in the recent decades increases by the day and plays an increasingly important part in various aspects of human activities. The use of electronically transmitted data has permitted newer and efficient ways of rendering services to the population, such as: e-commerce, services provided by different governmental agencies, information systems and databases among others.

Nevertheless, as the Internet expands its presence and usefulness, the possibility of creating a wider and more efficient legal framework that protects data and information provided by citizens, not only to commercial company websites but to governmental entities as well, must be weighed upon, considering that the purpose of these organisms is to ensure citizens free access to a wide array of integral public services, public information systems, and online formalities.

Personal data privacy and protection are core elements in the existing e-commerce types (business to business, business to consumer, government to business) and have increasingly gained relevance, particularly in the business to consumer field, when consumers make transactions by electronic means such as, Internet shopping, or information exchange among users, companies, and governments via the Web.

Consequently, the importance of personal data protection has a double outcome upon the social groups that use Internet as a means to transmit, store, and process information. On the one hand, it demands responsibilities from those with access and knowledge of personal and private data. On the other hand, it grants rights to the data owner with the purpose of controlling how, who, and why, his data are being managed, these rights being executed before those who handle his information within the legal limits thereof.

Considering the above, we must bear in mind four important aspects concerning information management via Internet:

  1. Consistency must exist among regulations, particularly in regards to the structure related to data management.
  2. In countries with similar social, political, and economic environments, it will be necessary to set out a series of behavioral protocols for companies and public powers for them to follow, with respect to the treatment of personal nature data.
  3. A standardization must be set among the laws currently in force in each nation in the technology field for it is of utmost importance that they be objective and neutral concerning technology.
  4. The use of technological means must lead us to an administrative homologation of logical procedures which contain an entrepreneurial and functional focus.

The new information technologies unfortunately also offer novel and flexible ways of unethically mishandling information, in harm of the subject thereof. This is one important reason why it is clearly evident and necessary to protect citizens against the possible mishandling of their personal information, without attempting to narrow or limit the benefits that information technologies provide.

To protect personal data and their confidentiality implies protecting the owner. This is one more reason to take care of personal information and to make good use of it in order to guarantee the protection of individuals.

The objective of data protection is to ensure the owner of the data being, for instance, a customer, an affiliate, a beneficiary or a legal representative, that any third party (from the private or public sectors) will use his personal information with the level of confidence he demands, such that the owner never loses control of this information and knows who has it, what use they are making of it, or to whom it is being transmitted at all times.

A protection system that punishes any third parties that use personal information, or that make it available to other people, and that modify it with electronic equipments without the owner’s consent hence breaching his personal, familiar, social or professional privacy, is therefore sought.

Article 16 of the Mexican Constitution establishes one of the most important individual guarantees, i.e. the right not to be disturbed in our selves, our family, our possessions or documents, therefore providing the legal framework for privacy.

However, this constitutional provision has not evolved into a specific law aimed to regulate the protection of personal data, despite the references found in several codes such as the Federal Law on Protection to the Consumer, the Federal Law of Copyrights, the Law of Credit Institutions, and the Federal Personal Data Protection Bill, among others.

Mexico is currently undergoing a legislative process addressed to create a legal framework that can be applicable to the protection of personal data. In order to do that, it would be very useful that this process would take into consideration the international expertise and behavior of global markets which address that matter so uniform criteria regarding the personal information protection could be generated.

A personal data protection law in Mexico shall consider the principles of personal data protection of international standing which are applicable to both public and private entities. Additionally it must be conformed according to Mexico’s social, political and economic conditions by establishing clear and simple rules that allow their implementation and compliance, as well as a balance between personal data flow and their protection.

It is of essence that this law promotes the culture of data protection among individuals so that it becomes a core value of our society.

Finally, this law shall ensure the effective exercise of personal data protection rights, and shall foster a culture of trust and respect to human rights through the cooperation of independent institutions as well as public institutions.

These organisms have devoted to organizing seminars, conferences, and awareness fora in order to promote the importance of data privacy and protection in schools, colleges, public and private companies, etc., where their goal is to spread its principles, regulations, and standards to every user in order to meet the demands concerning personal data, as well as the technological progress and innovations of systems for the use, distribution, control, and storage of databases, and of implementation of security measures and sanctions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.