The Supreme Court of Justice of Mexico (SCJN) is about to issue its decision on an injunction against a provision of the Federal Telecommunications Act (also known as Ley Telecom) that requires telephone companies and internet service providers to retain data about their users’ communications for a period of 24 months.
In September 2014, our colleagues at the digital rights NGO, Red en Defensa de los Derechos Digitales (R3D.mx), filed an injunction against Articles 189 and 190 of the Ley Telecom after the National Human Rights Commission (CNDH) and the Federal Institute for Access to Public Information and Data Protection (INAI)—two offices with legal authority to file actions of unconstitutionality against the Ley Telecom—failed to do so. A court denied the injunction in February 2015, but R3D.mx filed a recourse of revision and received a favorable ruling by another court in August 2015. The case was then referred to the Mexican Supreme Court.
Telecommunications companies in Mexico are required to store vast amounts of metadata, which violates the privacy of millions of Mexican citizens. The law requires that telecommunications companies retain the following:
a) The user's name, business name, or corporate name and address;
b) The type of communication (voice transmission, voicemail, SMS), employed services (call forwarding and transfers), and messenger or multimedia services that have been used (including short messaging services and multimedia and advanced services);
c) Data about the origin and destination of mobile communications, including destination number and types of line service;
d) Data about the date, time, and duration of the communication;
e) The date and time of the first service activation and localization tag (Cell ID);
f) When appropriate, the identification and technical characteristics of the device, including international ID codes of the subscriber and the device manufacturer;
g) The geographical position of the lines
EFF supports R3D.mx in their fight against mandatory data retention. Two years after the Telecom Law was reformed, the Mexican state has still not caught up to its international human rights obligations; mandatory data retention is an unnecessary and disproportionate measure that affects the privacy rights of millions of Mexicans. The Telecom law also allows warrantless access to the retained metadata, contrary to international human rights standards. Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
In June 2015, EFF and R3D.mx released "¿Quién Defiende Tus Datos?", a report based on EFF's annual "Who Has Your Back?" publication. It evaluated the privacy practices of ISPs based in Mexico and found that the companies that millions of Mexicans use every day have very poor privacy practices when it comes to protecting the data of their users even when all of the evaluated companies, except for Megacable, have publicly advocated for user privacy in front of Mexico’s Congress and other regulatory bodies such as the Federal Institute of Telecommunications (IFT).
EFF, along with several other digital rights organizations, has signed onto a letter directed to the Mexican Supreme Court that promotes the right to privacy and urges the Court to outlaw mandatory data retention in Mexico. From the letter:
The Supreme Court has the historic opportunity to establish a precedent of privacy protection in Mexico and replicate the international trends on the issue. Conversely, if they validate the unchecked surveillance facilitated by the Telecommunications Law, the Supreme Court would send the extremely dangerous message that everything goes in the name of security – including those measures that, far from protecting it, would compromise it even more, especially in the context of the human rights crisis the country is facing
For more, read the full text.