I’ve written about this before – but things have moved on, and not in a good way. Some aspects of the law discussed are deeply troubling, and privacy activists around the world should be concerned. The following is by Lisa M Brownlee – an information security/privacy and intellectual property legal scholar and author residing in Mexico, and someone whose work is well worth following, as is Lisa herself, on Twitter, where her tag is @lmbrownlee1. Her work on an early version of the law being discussed was published in ArsTechnica.
Mexico’s new telecommunications law – including controversial surveillance and data retention provisions.
On Wednesday, August 13, in a 4-3 vote, Mexico’s personal data protection authority, IFAI, (Federal Institute for Access to Information and Data Protection) considered and voted against challenging the constitutionality of Mexico’s new telecommunications law, the Federal Telecommunications and Broadcasting Act (FTBA).
The National Human Rights Commission (CNDH) was also empowered to block the legislation on constitutional grounds but failed to do so by Wednesday’s challenge deadline. The Mexican legislature’s Chamber of Deputies, also empowered to prevent the law’s taking effect, was 12 signatures short of a vote to block the FTBA. FTBA therefore took effect on August 13.
Shortly after the vote, Mexico’s Secretary of Communications and Transport (SCT), Gerardo Ruiz Esparza welcomed the new law and hailed, among other provisions, the law’s authorization of SCT to establish new Internet connections in over 40,000 public places nationwide.
IFAI is mandated to protect the privacy and personal data of citizens, and thus had the authority to challenge the constitutionality of the data collection, retention and access provisions of FTBA Articles 189 and 190. During the hearing, IFAI members stated that the data collected and retained under the FTBA was not “personal data”, and that IFAI therefore lacked standing to bring the suit.
FTBA Article 189 requires telecommunications licensees and Internet service providers to provide real-time geographic location of any type of communication device to public servants and security officials at their request, without warrant. Article 190 provides for the collection of data pertaining to communications, including the-origin of calls, duration, location, text messages metadata, activity on the network, and for the retention of such data for up to 24 months. Both provisions provide warrantless access by a broad range of government and law enforcement personnel.
Human rights activists fighting the constitutionality of the FTBA’s geolocation and data retention and access provisions were disappointed in IFAI’s failure to take action. The Twitter hashtag #IFAIL arose shortly after the no vote, the tag being a play on IFAI’s name, designating failure to carry out its privacy and data protection authority.
The digital rights group R3D Mexico decried as indefensible the statement made by IFAI president Ximena Puente that the data retained by the telecommunications companies was not “personal data”, and later criticized the failure of IFAI, CNDH and the Chamber of Deputies to act.
We need to watch this space!