On April 16, 2021, the Mexican Executive Branch published in the Official Federal Gazette the DECREE amending various provisions of the Federal Telecommunications and Broadcasting Act (the “Decree”), charging the Federal Telecommunications Institute (Instituto Federal de Telecomunicaciones) (“IFT”) with incorporating, into its current Public Telecommunications Registry, a new National Registry of Mobile Phone Users (the “National Registry”).
The amendment to the Federal Telecommunications and Broadcasting Act in question requires telephone concession holders in Mexico to collect and deliver to the IFT personal data on the holder of each phone line in order to contract new telephone services and continue rendering preexisting ones, thereby providing the data which shall make up the National Registry. In general terms, such data shall include both information pertaining to the registered phone line itself, such as the associated telephone number, the date and time of activation, and the associated payment scheme, as well as personal data pertaining to the registered holder of the line in question, such as their personal address, data obtained from their official identifications and, above all, their biometric data.
Without a doubt, the registry of biometric data belonging to the customers and holders of mobile phone lines within the National Registry remains one of the most controversial issues raised by the Decree’s reforms, as such data’s incorporation into a massive government database (that is, the National Registry) would draw Mexico closer to countries such as China, Saudi Arabia, and the United Arab Emirates, all of which currently require their citizens to hand over biometrics in order to have access to a mobile phone line.
Moreover, the Decree justifies such registry of customers’ / mobile phone line holders’ biometric data within the National Registry as a means to aid the government in security and justice-related matters as well as to fight crime. However, such purpose would hardly be met by the means approved in the referenced legal changes, which, instead, threaten to expose the personal data of millions of Mexican mobile phone users, including biometric data, to unauthorized use by third parties. This would seem especially relevant once taking into account that Mexico remains one of the countries most affected by cyberattacks on a global scaleand is currently ranked eighth in the world in reported cases of identity theft. To make matters worse, Mexican regulations regarding the protection of biometric data remain relatively weak, particularly in comparison to foreign data protection laws, such as European data protection regulations, which expressly refer to biometric data as sensitive information requiring a special and restricted degree of protection and treatment.
It would not be entirely unexpected if the data entered into the National Registry, including any biometric data entered therein, were to end up on the black market in a manner similar to information recorded on other government registries, such as the Mexican voters’ registry, and place the relevant personal data owners in the way of any related risks. It can certainly be said that including biometric data from the customers / holders of mobile phone lines is not a measure proportional to the stated purposes of the amendments in question, insofar as it could threaten individuals’ constitutionally-protected rights to privacy and personal data protection, as well as the very rule of law. Things being as they are, the only current alternative would be for Mexican courts to grant those customers / holders of mobile phone lines who are unhappy with the published amendment, judicial protections from such amendment’s effects, as certain federal judges have begun to do by granting temporary suspensions to claimants who have requested not to be registered within the National Registry.
For additional information on this and other telecommunications and privacy matters, please contact our experts:
Luis Burgueño, Partner: +52 (55) 5258-1003 | firstname.lastname@example.org
Gloria Martínez, Counsel: +52 (55) 5258-1014 | email@example.com
Rubén Villegas, Associate: +52 (55) 5258-1003 | firstname.lastname@example.org