Cross-Border Privacy Rules System in Mexico: Regulations and Enforcement
The Mexican Cross-Border Privacy Rules (CBPR) system is overseen by the Privacy Enforcement Authority (PEA) and involves binding self-regulation parameters, certification schemes, and the involvement of both the public and private sectors. The system aims to protect personal data held by private parties, with authorities conducting investigations, resolving cases, and imposing fines as necessary. Entities must comply with the self-regulation parameters to operate in Mexico and be recognized by APEC. The certification system ensures the correct processing of data by controllers and processors in alignment with CBPRs.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Cross-Border Privacy Rules System Melissa Higuera P rez Director for Privacy Policies and Agreements Federal Institute for Access to Information and Data Protection, Mexico
A fundamental right (arts. 6, 16 and 73 of Mexican Constitution) FEDERAL LOCAL Government Mexican FOIA Several local Laws Federal Law on Protection of Personal Data held by Private Parties (DPL), its regulations and Parameters Private sector Binding Self- regulation
Mexican PEA IFAI Is the Privacy Enforcement Authority in Mexico for: i) The federal public sector and ii) The private sector, with the following powers: Conduct investigations Solve cases issued by data subjects regarding ARCO rights Impose fines Regarding the Binding Self- Regulation Parameters, IFAI authorizes, oversees and revoke accrediting entities that approve certifiers (AA) Ministry of Economy is a personal data regulatory entity involved in, among other things, the issuance of the Self- Regulation Parameters. http://t0.gstatic.com/images?q=tbn:VTU0JxOpvNnPYM:http://www.redaduanal.net/wp-content/uploads/2010/03/SE2.jpg
Self-Regulation Parameters They provide the rules governing: i) Binding Self- Regulation mechanisms and ii) The DP Certification System, including specific conditions to become an accrediting entity or a certifier (AA) Current status: The Ministry of Economy and IFAI are waiting for the final opinion of the Mexican Federal Regulation Agency. CBPR s System & Certification Scheme Anyone who wants to apply to be an AA recognized by APEC and operate in Mexico, must comply with the parameters. This guarantees the correct operation of the system, in both the national and AP region environments.
Certification System vs. CBPRs System LEVEL CBPR s SYSTEM CERTIFICATION SYSTEM DPS (JOP) = Administrative functions to maintain the CBPRs System. I Economies and PEAs that supervise the correct functioning of the System in their jurisdictions. IFAI authorizes, oversees and revokes Accrediting Entities II II.1 Accrediting oversee and revoke certifiers (AA) Entities approve, AAs that validate the privacy policies developed by data controllers and data processors. Certifiers (AA): Certify the correct processing carried out by data controllers/ processors. III Data controllers and data processors. Data controller or the data processor. IV
Benefits for Mexicos Participation 1. Protects the fundamental right for personal data protection Binding Self-Regulation mechanisms such as the CBPRs System provide minimum standards for PDP in the region needed because the: Rapid technology changes Territorial limitations of common privacy regulation (the CBPR System allows interoperability and international cooperation) 2. Benefits business s efficiency in the region and user s convenience. Ensures a free and SECURE flow of information across borders and provides regional recognition of better service providers (cloud services providers) = investment
Cross-Border Privacy Rules System Thank you!