Mexico’s new self-regulatory certification system: is it relevant for companies outside Mexico?

We explain the advantages of Mexico’s self-regulatory certification system in the November issue of Managing Intellectual Property.

Foreign multinational companies doing business in Mexico or with Mexican companies, and wishing to streamline their international data transfer flows should take note of a recent development: a sophisticated self-regulatory system that is being implemented, and will be deployed from the end of this year.  This will benefit all companies seeking a flexible way to comply with the Mexican data protection legal framework from next year’s first quarter.

Mexico City.  Credit: Google Maps. (Image available at

Mexico City. Credit: Google Maps.

In January of this year, Mexico’s Ministry of Economy (Secretaría de Economía) published the Parameters for a Binding Self-Regulatory Certification System (Parámetros para el correcto desarrollo de los esquemas de autorregulación vinculante, the “Parameters”), as part of efforts to help companies doing business in Mexico comply with the country’s data protection legal framework.  It is also part of promoting compliance with the law among Mexican companies, and implementing the Asia Pacific Economic Cooperation’s (APEC) Cross-Border Privacy Rules (CBPR) framework into the national legal system.  In the same month, APEC announced that Mexico had become the second formal participant in the CBPR framework, following the United States, which became the first formal participant in July 2012.  In September, the Mexican Data Protection Authority (IFAI) established the Operating Rules of the Registry of Binding Self-Regulatory Data Protection Schemes (Reglas de Operación del Registro de Esquemas de Autorregulación Vinculante en Materia de Protección de Datos Personales).

Read it further online or in its magazine version.