1.0 KiB
Mexico's federal privacy law (effective 2010, reformed 2024). Key requirements: consent, notice (privacy notice must specify the "responsible party"), purpose limitation, data subject rights (ARCO — access, rectification, cancellation, opposition + deletion, portability), cross-border data transfer limitations, security breach notification. INAI (National Institute for Transparency, Access to Information and Personal Data Protection) enforces.
Penalties: Up to 1.9M days of minimum wage (~$5M USD); INAI can also suspend data processing.
Why it matters: USMCA (US-Mexico-Canada Agreement) trade obligations are pushing toward privacy regime interoperability. A bilingual (Spanish/English) gate package covering both LFPDPPP and US frameworks serves the massive US-Mexico cross-border commerce market. First-mover advantage: LFPDPPP is less automated than GDPR; the market has fewer vendors and lower expectations.