On December 19, 2019, the Ministry of Economy published the new regulation to the Federal Consumer Protection Law. These new rules are currently in effect and repeal the former 2006 regulation. Up until the issuance of the new regulation, consumers' personal data had been largely governed by Federal Data Protection Law (the “FDPL”). The new consumer protection regulation, however, challenges the status quo.
The new regulations set forth that consumers (data subjects) may request the correction of the personal data on the grounds of inaccuracy or erroneous. Provided that the provider fails to amend the personal data within thirty natural days, the consumer may seek relief and file a claim before the Consumer Protection Authority (“Profeco”).
The aforementioned entails a direct conflict with the FDPL, which regulates access, rectification, cancellation, and opposition rights (“ARCO Rights”). Under FDPL a data controller has a period of twenty business days to respond, plus an additional fifteen business days to implement the result. Highlighting that the FDPL runs with business days, unlike the new consumer protection regulation that employs natural days. Furthermore, there is an overlap regarding the sanctioning powers of both Profeco and the data protection authority.
This note is intended as an alert to a significant change in the privacy field that will affect a vast range of administrative decision-making with concomitant effects on suppliers and commercial entities.
The New Regulation of the Federal Consumer Protection Law can be found here.