Transparency and Data Protection Reforms: New Legal Framework Comes into Force

By Berenice Sagaón

Today, the decree issuing three new fundamental federal laws on transparency and data protection, as well as a reform to the Organic Law of the Federal Public Administration, came into force.

A New Legal Framework on Access to Information and Data Protection

With this legislative reform, the following are enacted:

• The General Law on Transparency and Access to Public Information;
• The General Law on the Protection of Personal Data Held by Obliged Subjects;
• The Federal Law on the Protection of Personal Data Held by Private Parties;
• And Article 37, Section XV, of the Organic Law of the Federal Public Administration is amended.

These provisions constitute a new regulatory system that seeks to guarantee the full exercise of the human right of access to public information and the effective protection of personal data, both in the hands of authorities and individuals.

Main Objectives of the General Transparency Law

This law, of national application and general observance, establishes the principles, foundations, and procedures to:

• Guarantee the right of access to public information.
• Establish mechanisms for challenging denials or deficiencies in access to information.
• Promote proactive transparency through the dissemination of information of public interest.
• Establish a functional organization for the National System of Access to Public Information.
• Promote accountability, the fight against corruption, and citizen participation in public decision-making.

Obligated Subjects and Guaranteeing Authority

The new framework imposes transparency obligations on all public entities at all three levels of government, autonomous bodies, political parties, unions that exercise public resources, and individuals who perform acts of authority. It also establishes the roles of guaranteeing authorities at both the federal and local levels, headed by the new body called Transparency for the People, attached to the Secretariat for Anti-Corruption and Good Government.

Obligated entities must, among other things:

• Establish Transparency Committees and Units.
• Document and publish the information generated in the exercise of their functions.
• Respond expeditiously to requests for information through the National Transparency Platform.
• Proactively disseminate information of public interest in accessible formats.

Personal Data Protection: Two Laws, Two Approaches

The regulatory distinction between personal data held by public authorities (Obligated Entities) and those held by private individuals is maintained. Each regime has a specific law, focused on establishing guiding principles, rights of data subjects, obligations of data controllers, and monitoring and sanctioning mechanisms.

The principles of legality, consent, quality, purpose, loyalty, proportionality, and responsibility are prioritized in data handling, as well as the recognition of ARCO rights: access, rectification, erasure, and objection.

Reform to the Organic Law of the Federal Public Administration

Additionally, Section XV of Article 37 of the Organic Law of the Federal Public Administration is amended to redefine the powers of the Anti-Corruption and Good Governance Secretariat as the sector’s leader in matters of transparency and data protection.

This legislation represents a significant step in the consolidation of a more open and transparent State that guarantees fundamental rights. Its proper implementation will depend, to a large extent, on coordination between the three levels of government and the ongoing training of public servants and obligated individuals.

At ECIJA Mexico, we remain at your service to clarify any questions or provide advice on the impact of these reforms on institutional practices regarding regulatory compliance, transparency, and data protection.

 

ECIJA Mexico

socios.mexico@ecija.com

+52 55 5662 6840

www.ecija.com