Privacy & Information Security Law Blog

On February 4, 2009 the Trilateral Committee on Transborder Data Flows met in Mexico City.  The committee is comprised of representatives from the Canadian, Mexican and U.S. governments and is part of the Security and Prosperity Partnership of North America.  The Trilateral Committee invited representatives from the private sector to give testimony on current and potential impediments to the free flow of personal data in North America.

The main theme for this meeting was potential federal privacy legislation in Mexico and whether it would be consistent with the regulatory approach already in place in Canada and the United States regarding transborder data flows.  Most of the companies present testified on the proposed federal privacy legislation and how it would impact data transfers to and from Mexico.  Currently there are seven different privacy bills active in the Mexican federal legislature.  Two of these bills are considered  the front-runners at this time.  The first is based on the Spanish data protection act and includes European data protection mechanisms such as requiring companies to register databases and restricting the flow of personal data from  Mexico to countries with inadequate data protection.  Generally, there was great concern regarding this bill’s inconsistency with the accountability approach taken in Canada and the United States.

The second bill is based on the OECD Privacy Guidelines and APEC Privacy Framework and requires organizations to hold themselves accountable when transferring personal data outside of Mexico.  This requirement is consistent with the regulatory approaches taken by Canada and the United States.  Consistency is a stated goal for the Trilateral Committee. 

Privacy legislation is not new in Mexico.  There has been a stalemate between European and APEC approaches.  While it is difficult to determine precisely what the Mexican privacy law will look like or when it will appear, there are signs suggesting such a law will be passed in this session.  Given the strong ties between the Mexican, Canadian and U.S. economies and the possibility of European-style restrictions on transborder data flows, this is a topic certain to garner considerable attention as the Mexican legislative process continues.