Technology Regulation

Captura de pantalla 2016-05-12 a las 11.37.47 p.m.

It is my distinct privilege to convey to you that the prestigious ranking of data protection law firms in Mexico by Leaders League has ranked my practice as “Excellent” for the second year straight. I’m honored to be included among such noted practitioners as Héctor Guzmán from BGBG, Agustín Ríos from R1OS, Bufete Soni and Lex Informática.

Thanks and gratitude are in order to friends who’ve provided encouragement and references, as well as to our esteemed clients who have trusted us with their requirements for compliance and advisory and also to Leaders League.

It further commits efforts to not just remain in that tier, but to reach the one and become “Leading”.



google-law-gavel - Copy

Timing is of the essence, and the release of the communiqué by IFAI, Mexico’s data protection authority, announcing its decision to fine Google Mexico for failing to comply with an individual’s objection to the processing of his data and IFAI subsequent order thereto, is no exception. It was released exactly one week ago, right on the eve of international data privacy day, and therefore remarked upon almost every single one of the participants in the conferences organized for that date. It was also very timely released less than 20 days after the political analysis magazine “Proceso” questioned IFAI’s unwillingness to act against Google, on grounds that it was near and dear to the current administration’s digital agenda, seemingly implying that afforded the search giant some measure of immunity.

However now IFAI ranks up there with countries such as the United States, Germany, the Netherlands and Spain, which have in one way or another acted against Google for transgressions to their privacy frameworks; however it is not the first time that Google has come before IFAI’s crosshairs, and also while many privacy commentators and scholars opine that this case bears a strong resemblance to the “Costeja Case” of the Spanish Privacy Agency and European Court of Justice regarding the “right to be forgotten”, there are important nuances to it.

Key ideas following here folks: as of June 2002 there is a “FOIA-equivalent” Transparency Law in force in Mexico, which includes provisions on privacy regarding personal information in the power of agencies and instrumentalities of the Federal government. In 2009 the Mexican Constitution was amended for the right to data protection to be included among the human rights protected by it, and afford Federal Congress the power to pass laws thereupon. About a year thereafter Mexico’s federal privacy law (Ley Federal de Protección de Datos Personales en Posesión de los Particulares or LFPDPPP) was enacted. The amendment to the Constitution and both Federal statutes follow the model set by the European Union’s Privacy Directive, providing for 4 fundamental appurtenances of individuals as concerns the processing of their personal information:

  1. Access thereto;
  2. Rectification thereof;
  3. Cancellation thereof, and
  4. Opposition (to the processing thereof).

Having outlined the above, this is not the first time Google and IFAI have met face to face. In March 2011 IFAI ruled on case 4198/09, concerning the petition of an individual to the Federal Labor Board (the administrative court that hears labor cases in Mexico) for its online-searchable daily bulletin of cases to be heard on a given date to not include his name, so as to prevent him from being rejected by future employers on grounds of having sued a former employer.The petitioner had to sue in Federal court in order for his request to be honored by said Board and IFAI itself, following which the latter found on review that the measures proposed by the Board had been appropiate and in compliance with the rulin in the case wherein the Board proposed to:

  • Modify the format o the files used to publish the Bulletin on the Board’s website, so that search engines cannot find and index the individual’s name with regards to the labor case concerned, and
  • Directly request Google to delete from its indexes the information concerning the individual’s name with regards to the labor case concerned.

The record shows that the Board did reach out to Google therefor; however it remains unknown whether or not Google complied with the Boards request.

Then on March 2014, IFAI ruled on a verification proceeding initiated relative to Google for its caché of a website under the domain, which belongs to Nexus World LLP in the UK, for which a person complained about on grounds that the original source for the infringing information had removed it, but Google had not.

Google Mexico was served with a request for information to which it replied in terms that are relevant for the sanctions case at hand, so bear this in mid: it responded that as per its current bylaws its corporate purpose includes (bylaws in Mexico have these ridiculously long listings of things the corporation may do in pursuing its corporate purpose)…

1. Commercializing and selling online advertising and products and services for direct commercialization, in Mexico or abroad, on its own behalf or the behalf of third parties, as well as to provide all kinds of services through electronic means, including but not limited to, search engine, instant messaging, email, storage, reproduction and broadcast and retransmission of of data, and similar, annex and related services.

However another key concept is also quoted on that reply from Google Mexico to IFAI:

Notwithstanding the breadth of its corporate purpose, the activities that my principal in fact performs in Mexico center on those described in numeral 7 of article Third in its bylaws, particularly in the purveyance of administrative, financial, advisory and consulting services for corporations.

7. Receiving from other persons, individuals or corporations, as well as providing said individual or corporations whichever services necessary to comply with their corporate purposes, including but not limited to, administrative, financial, technical assistance, advisory and consulting services.

And then it underscored:

My principal does not provide the search engine service, as said service is provided by Google, Inc., an American corporation that owns the corresponding technological platform, with domicile at 1600 Amphitheatre Parkway, Mountain View…which operates and provides, amongst others, the search engine service for its users using its own servers and equipment. Therefore my principal does not gather nor process personal information of the users of the services provided by Google Inc.

Consequently,…Google Mexico, s de R.L. de C.V., is not the corporation that owns nor is responsible for the operation of the search engine service, as said services is offered and managed by Google, Inc. …Google, Inc., and Google Mexico, S. de R.L. de C.V., are different corporations, besides Google Mexico, S. de R.L. de C.V. is not a liaison office, branch or representative office of Google, Inc.

It further underscored that “Google Mexico only processes personal information of its employees and the databases that include physical files that contain them are the only elements that are protected pursuant to the LFPDPPP, and that exist in its facilities, and so it has been attested by the Verifiers…”

What follows is material for the instant case; in the Third finding (“Considerando Tercero”) to IFAI’s resolution in the verification proceeding said data protection authority stated that “[f]rom the information in the file being acted upon it is found that as regards the services relative to the search engine and email that in their time gave rise to the opening of the file that is acted upon, as well as the statements of the Complainant in his writ of February 6, 2014, these are provided by Google, Inc., a corporation domiciled in the United States of America, over which this Institute lacks jurisdiction by territory, as it escapes the content of the LFPDPPP, as provided for in its article 1 and is not within the provisions of article 4 of its Regulations…”

Based on the foregoing, IFAI found that there had been no violations of Google to the LFPDPPP, and resolved to have the file archived without further consequence thereto.

Bearing the above in mind, now consider that the instant case was initiated by a complaint dated July 22, 2014, wherein an individual referred having exercised his rights to the cancellation of his data and opposition to the processing thereof before Google with regards to 3 URLs found through its search engine, but having had no reply thereto, whatsoever, from Google Mexico, which is in and of itself a violation of the LFPDPPP. He claims that the information which deletion he requested included his name, his brothers’ (however the record does not refer that the complainant had authority and standing to represent his siblings) and his late father’s (also no reference to standing as executor of the gentleman’s estate), as well as “…clipped and out-of-context information on my activities as a businessman and merchant, which not only affects my most intimate sphere (honor and private life), but also current commercial and financial relationships…said information entails a grave risk to my personal security and physical integrity, as it is information linked to financial, patrimonial and judicial aspects…said information was uploaded and published to the “Google” search engine without my consent”.

The above assertions by the complainant are interesting, insofar as Roman numeral II in article 5 in the Regulations to the LFPDPPP exempt information concerning individuals in their capacity as merchants from its provisions; while that poses legality issues that could lend themselves to successful challenges thereto in court, fact is that IFAI is bound by said Regulations and should therefore not have considered that information as protected under them and the LFPDPP. However it decided to move forward with the case, as per the complainant’s assertions Google failed to respond to his petition, which under the LFPDPP provides for a cause of action before said Institute under a “Rights Protection Proceeding”, whereby IFAI may find for fault on the part of the Data Controller and order for the request to be complied with, but also mediate between the parties involved.

The bold assertions by the claimant’s counsel include statements that “Google (Mexico) possesses, controls, processes, authorizes, facilitates, shares, provides, makes possible, distributes, aids and abets the undue processing of sensitive personal data of our client, by allowing for information that does not comply with the requirements of the law, and much less with the principles… that govern the processing of personal information, to be uploaded, published and displayed through its “Google” search engine…”.

Anecdotally, it seems that an inappropriately redacted public version of the file was released at some point and has been blogged and reposted by a number of commentators (just as in the Liverpool department store breach case, this blog deals in legal scholarship and not news, so it refrains from further facilitating access to information that was or is not meant to be made public by its originators and thus no hyperlinks to the leaked copy of the file are included), wherein enough information of the search results was visible to allow readers to trace the allegedly infringing URLs the complainant complained about and realize that it had to do with a transport company and allegations that it was one of many favored by the bank bailout of the mid-90s (re: “Fobaproa”). In this sense the case may have the same ironic, undesirable and unexpected collateral effect as the Costeja Case: instead of achieving oblivion, the complainant’s identity and data involved in the case will become pervasive in future discussions and comments on the case. Perhaps there are instances where a good SEO strategy yields better results than the law?

IFAI’s requests for information regarding the instant case, regarding it relationship to Google International, LLC, and Google, Inc., as well as the search engine services it provides, whether it has servers of its own, how its services are, or are not, linked to the aforesaid partners, etc., were responded much in the same way as those in the verification case previously discussed, with Google Mexico reiterating that it does not operate or provide in any way services on behalf of Google Inc., does not have servers of its own and doesn’t provide, in any way, search engine services, which are provided by Google Inc.

However IFAI departed from its criteria set in the previous case, and the Second finding in the ruling for this one established as the cornerstone for the decision to sanction Google Mexico exactly what the Third finding established as the cornerstone to absolve it: regardless that Google Mexico has no servers of its own and does not actually provide the search engine service in and of its own, as there is a provision in its bylaws whereby its corporate purpose includes the purveyance of such services it therefore does provide them and is consequently bound by the LFPDPPP with regards to them. To support this statement IFAI’s verification officers certified screenshots of searches of the complainant’s name made through, as well as of Google’s pages dealing with its Terms and Conditions, “About”, “Locations”, etc., on which grounds said Institute found that Google Mexico did provide search engine services that amount to processing of personal data, and is therefore bound by the LFPDPPP, under obligation to comply with the claimant’s petition and subject to that proceeding.

In this point one might wonder if the whole thing could have been prevented if Google Mexico had replied to the claimant’s petition; the answer, for short, is “NO”: under the LFPDPPP an individual has cause for action in a Rights Protection Proceeding not only if the Data Controller does not respond to his petition, but also if he’s in disagreement with the response. However, even if Google Mexico weren’t the Data Controller, it should have responded to the claimant, as articles 95 and 98 of the Regulations to the LFPDPPP state that all petitions by individuals must be responded by Data Controllers, whether or not they possess personal data of the petitioning individuals. IFAI further found that Google Mexico was in fact the Controller of the Data processed as concerns the instant case, and that it failed to invoke any of the exceptions in the law to the obligation to respond to an individual’s petition, or a legal impediment thereto.

It consequently ordered Google Mexico to perform the actions necessary to implement the complainants rights to have his personal data cancelled from its search results and to oppose such processing thereof, within the 10 business days following notice of the ruling, by abstaining from processing said data in such a way that after typing the complainant’s name the URLs quoted in the initial complaint no longer show up, and by having said details cancelled from its databases…although there is record from another case that Google Mexico has no such databases.

Google Mexico could not possibly (technically nor materially) comply with the foregoing; but  in addition to the above, IFAI found that Google Mexico did not comply with the complainants initial petition and carried on with the illegitimate processing of his personal data, so that there were grounds to initiate a sanctioning proceeding against Google Mexico, which the latter would appear may have ample chances of successfully challenging if it came to a fine being assessed against it.

As other privacy practitioners and commentators have remarked and underscored, this case bears an inextricable nexus with the aforementioned Costeja Case, so much so that IFAI itself quoted the ruling thereupon by the European Court of Justice (page 34 of the file). However, as the usual length for a blog entry has been exceeded by far herein, comments on that particular issue will be made tomorrow, in the next entry hereto.

Card&Phone - CopyThe position of the United States at the vanguard of fields such as finance and technology may lend itself to create the impression that its legal framework is as progressive as its companies in those lines of business. However that’s not always the case; following are three instances where Mexico actually moved ahead of the USA, regulation-wise:

  • Mexico created an agency mandated to protect users of financial services in instances where their purveyors of financial services were not compliant with the law.

Following the financial meltdown nearly 20 years ago interest rates for financial products, whether credit cards, car loans or mortgages, skyrocketed in Mexico; people were unable to comply with their financial commitments and lost their homes, had their cars repossessed or their assets garnished. Of course this prompted widespread protests, and many politicians reaped dividends by demonizing financial institutions, but the national conversation on those issues brought about the creation of an “Ombudsman” in the financial services industry: the National Commission for the Protection and Defense of Users of Financial Services (CONDUSEF as per its acronym in Spanish).

This agency has faced many challenges, and still does; mainly its “teeth” are not sharp enough, its last three Chairs have steered it more towards facilitating financial education and information to the public. For instance, it recently instituted a Financial Institution Rating Website, where users can check for information on how the banks to which they would apply for credit rate relative to each other compliance-wise, sort of in the same way those institutions can assess applicants based on their credit rating.

Apparently such legislative developments are only brought about by widespread financial turmoil: conversely the United Stated created its financial services Ombudsman, the Bureau of Consumer Financial Protection (CFPB) after the Dodd–Frank Wall Street Reform and Consumer Protection Act was passed in 2010, and began working until 2011 following heated debates over President Obama’s proposal to appoint Harvard Law Professor Elizabeth Warren, who first proposed one such agency, to Chair it.

In sum, Mexico has been over a decade ahead of the United States as concerns the enforcement of financial regulations relative to the public.

  • Banks in Mexico are obligated to issue credit cards which are safer than those issues by banks in the USA. Bank cards the world over are made following ISO 7810 and ISO 7813 standards; that’s how come it’s possible for your card to be swiped at point-of-sale terminals and work in ATMs the world over. Those standards cover aspects such as toxicity of materials, flammability, stiffness (how much the card should bend), how characters (your name, the issuer’s identification number) are embossed onto it, their magnetic stripes, integrated circuits and the track data in them, etc.

Disclosures on data breaches at large retailers such as Target, last year, and more recently The Home Depot, have put credit card and point-of-sale terminal technology on the spotlight. In addition to apparent negligence in implementing security controls, one rather large issue is also the common denominator: that bank cards issued by banks in the United States still rely on magnetic stripes for the storage of data that authenticates the transaction, and that is easily copied or stolen by thieves or hackers. As WIRED Magazine explains in a recent piece:

The fatal problem with the credit card magstripe is that it’s only a container for unchanging, static data. And if static data is compromised anywhere in the processing chain, it can be passed around, copied, bought and sold at will.

Now, after resisting it for 10 years because of the formidable transition costs, the US is about to finally embrace the secure chip-based authentication system called EMV—the standard was pioneered by Europay, MasterCard, and Visa—that the rest of the world has already adopted. Pushed by mounting fraud costs, credit card companies have crafted incentives for merchants to switch to the sophisticated readers needed to accept the cards.

While the New York Times piece in the link above on the Target breach underscores that “The new debit and credit card technology, called chip and PIN, is widely used in Europe and considered to be far more secure than most cards used in the United States, which rely on magnetic strips,” it should be noted that Mexico’s National Banking and Securities Commission has steered banks towards substituting magnetic stripe with integrated circuits for over 4.8 years now: as per its General Provisions Applicable to Credit Institutions that approve transactions made without the use of integrated circuits, whether in ATMS or point-of-sale terminals are bound to agree with their Users (in their respective service agreements) that they (the banks) shall undertake the risks, and therefore the costs, of transactions disavowed by said Users when using such cards, and that the claims from such transactions shall be credited to those Users, at the latest, 48 hours after the filing of the respective claim.

The flip side is that the banks are allowed by regulation to regard the information in such integrated circuits as a Category-3 Authentication Factor for transactions made through ATMs and POS terminals, which obtain the cards’ information through such circuits; that is to say, transactions which require for the card with the circuit to have been present in the moment of the transaction. At that point one could assume that the situation would be no different from one in which a card with a magstripe were involved; however the key here is that information in the circuits is not static and is encrypted, so that even if it had been copied during one transaction it still could not be used for others afterwards.

So to that regard Mexico will have been a good 5 years ahead of the United States in credit card security by the time the US transitions from magstripe cards to cards with integrated circuits.

  • Mexico passed regulations making unlocking of mobile phones legal before the USA did.

For years now mobile carriers have entrenched themselves by offering handsets which price is bundled with the fee for their service plans; but once the mandatory term for the plan is over the user is faced with the choice between continuing to cope with her former carrier, usually upgrading to a newer (and hopefully) better handset (which Apple facilitates a lot by releasing a new iPhone every year and a half or so), or moving onto another carrier and having to procure another handset from it, as the old one would only work in the network of the previous carrier. That is evidently a pain and unfair to consumers; after all, one the term for the plan is over and done, the handset has been paid for (often in excess), so the user ought to be able to keep using it, even with a competitor of the carrier.

For sure “jailbeaking” has been possible for awhile now, and even ruled by the Copyright Office of the United States to be an exception to the Digital Millennium Copyright Act (the DMCA). but it is not without risk, as it may impair you from access to essential updates or applications, and removing the protections originally put in place by the developer can put the device and information contained in it at significant risk. However unlocking your device is an entirely different proposition.

Acknowledging a basic right of consumers, Mexico’s Ministry of Economy passed on August 28th, 2012, Mexican Official Norm NOM-184-SCFI-2012, an administrative regulation whereby carriers are under obligation to inform if the handset provided to the consumer is blocked to only be used in its network, and how it can be unlocked, at no additional cost, to be used on other networks once the consumer has acquired title to the handset, whether for the mandatory term of the service agreement having lapsed or having paid for it in full. For sure, as in many other instances, at the outset and notwithstanding there were hurdles to overcome in getting a device unlocked, such as alleged ignorance or misinformation at service centers.

Conversely, it wasn’t until after a long time of public comment and the EFF’s activism that this year President Obama signed into law the “Unlocking Consumer Choice and Wireless Competition Act“, which affords users the right to have their handsets unlocked to be further used on another carrier’s network.

Overall, at least in these three items Mexico moved way ahead of the United States.


applewatch - CopyTuesday September 9th was the day that follower of Apple’s hoopla looked forward to, as the company from Cupertino had, as customary, gotten folks the world over hooked on its ballyhoo (performance and release of album by U2 included) over the iPhone 6 and its wearable device, which everybody expected would be named as “iWatch”, following the branding convention set since the iMac, the first iPhone, the iPod (which will now be laid to rest -apparently Apple finally conceded that its devices were overlapping-), the iPad, and the service platform attached to them, such as the desecrated (since the “#CelebGate”) iCloud and even the “iForgot” password retrieval feature.

However this wearable device, the thing of science fiction less than 30 years ago (when the Dick Tracy film was released), did not follow that branding convention. The New York Times ran a piece on it today, and so did I over a year ago. It essentially boils down to a matter of intellectual property, more specifically of trademark prosecution: the Times reports that since Apple was about to launch its TV product and Steve Jobs hinted it might be called “iTV”, the British broadcaster ITV PLC would oppose it. Apparently now Swatch followed suit and took preemptive measures with the trademark offices of the world to make it known that Apple’s attempts to brand this device as an “iWatch” could lead to confusion relative to their iSwatch product (registered with Mexico’s Trademark Office “IMPI” -you can look them up through their MARCANET service-) for products under NCL 14 (clocks and watches), 35 (advertising and retail sales thereof) as well as 37 (repair thereof),

In the case of Mexico, as noted in that post herein from July 4th, 2013 and reported by news journal Reforma, a third party filed to register iWatch in advance of Apple, and ultimately both ran into a prior registration granted in 2011 to an Italian company “I’m, SpA”, which began selling its I’m Watch in 2013. And that has not been the only case in which Apple found such obstacles to the pursuit of its naming convention; since last year the press in Mexico reported extensively on the case that mobile carriers here lost against a Mexican company that had secured the registration for “iFone” since 2002, under which resolution hefty fines were assessed against all three then-major carriers but not against Apple, as iFone, S.A. de C.V., had secured said registration for the head-class of Telecomm Services (NCL 38), but apparently not for equipment therefor (NCL 9).

In sum this case illustrates quite clearly how challenging it can be for a global company to follow and implement a branding convention the world over. For sure a company can file for “preemptive” or “defensive” registrations, but unlike domain names trade and service marks cannot be stockpiled indefinetly; both US and Mexican trademark law provide for a term of 3 years for a registered trade or service mark to be effectively used in commerce, or otherwise registrations thereof may be cancelled. It may be difficult for design and development departments to meet with that time window in getting products or services to the market.

Also it often happens that legal and marketing don’t see eye-to-eye, and that is generally a matter of mindsets. Whereas MKT would love for its brands to be the top of mind of consumers in their market niche, for legal that would mean risking the loss of registrations thereof on account of such marks becoming generic, and that would result in loss of valuable intangible assets. This day in age its essential for MKT to regard legal as an allied and an enabler, and for legal to guide MKT through the intricacies and nuances of intellectual property law in a way that affords the company’s intangible assets the best protection possible.

This video from “Magic Circle” London firm Freshfields, Bruckhaus, Deringer illustrates how and why privacy compliance is much less costly than risking a cyber-attack, and some preemptive measures against such attacks.

Steps outlined to be taken are the following:

  1.  Assess your businesses’s relevant information, where it’s at and how it is protected;
  2. Be joined (by a cross-functional committee) in managing risk;
  3. Have contractual protections, allocating and excluding liability if and where applicable, including insurance if possible;
  4. Readiness: rehearse responses.

The dire consequences of cyber-attacks have been illustrated in current affairs media by Sony’s settlement of a class action suit for the breach of its PlayStation userbase, as well as by the attack against Target, which even lead to the ousting of Board members, and more recently Home Depot’s.

You try and do the math as to which is more costly between investing in privacy compliance and having your business take its chances in an equation where the variable for the cost (financial and reputational) of a breach cannot be determined ex ante, but the laws do provide for parameters to assess fines.


cctv3 - CopyPrevio a la promulgación de la Ley Federal de Telecomunicaciones, diversos medios publicaron múltiples comentarios sobre la afectación que los artículos 189 y 190 del proyecto de Decreto aprobado por el Congreso de la Unión suponen para la protección de datos consagrada en el artículo 16, párrafo segundo, de la Constitución Política de los Estados Unidos Mexicanos, sobre lo cual se comentó en este blog el 4 y 28 de julio de este año.

El tema se resume en que los artículos referidos obligan a los autorizadosy proveedores de servicios de aplicaciones y contenidos a atender todo mandamiento por escrito, fundado y motivado de la autoridad competente, referida de manera muy genérica como “instancias de seguridad y procuración de justicia”, cuyos titulares podrán designar, mediante acuerdos publicados en el Diario Oficial de la Federación, a los servidores públicos encargados de gestionar tales requerimientos que se realicen y recibir la información correspondiente a la localización geográfica, en tiempo real, de los equipos de comunicación móvil, so pena de sanción de la autoridad por desacato.

Hoy día el Reforma reporta que la Unidad de Inteligencia Financiera de la Secretaría de Hacienda y Crédito Público presentó a la Comisión Federal de Mejora Regulatoria el proyecto de Acuerdo por el que el Titular de esa Unidad designa a los Servidores Públicos que se mencionan en el mismo, para efecto de lo dispuesto en el citado artículo 189 de la #LeyTelecomm, designando como tales a los titulares de la propia Unidad de Inteligencia Financiera, y a su Dirección General de Procesos Legales.

El encabezado de prensa pareciera ser sensacionalista y amedrentar a muchos: “Rastreará SHCP a evasores por celular“. Al respecto hay que considerar si las facultades de la UIF atañen a la seguridad y procuración de justicia; naturalmente dicha Unidad lo estima así, y por ello motiva el proyecto presentado a COFEMER indicando que el artículo 15 del Reglamento Interior de la SHCP le otorga competencia para denunciar ante el Ministerio Público Federal las conductas que pudieran favorecer, prestar ayuda, auxilio o cooperación de cualquier especie para la comisión de esos delitos (art. 15, fracción XIII), por lo que se ajustaría al extremo previsto en el citado artículo 189 de la Ley Federal de Telecomunicaciones y Radiodifusión.

Al respecto debe considerarse que los tipos penales referidos en la norma del Reglamento Interior que se cita, comúnmente conocidos como “lavado de dinero”, son esencialmente accesorios; es decir, aunque son penados en sí mismos aunque sirven como medio para la comisión de otros actos previstos como delito por los artículos 139 Quáter y 400 Bis del Código Penal Federal, y de la lectura del proyecto de Acuerdo se podría interpretar que la intención del Titular de la UIF sería acotar su ejercicio de la facultad prevista en el referido artículo 189 a su actuación respecto de los mismos. Adicionalmente, la fracción XI del citado artículo del Reglamento Interior la faculta también para “coordinarse con las autoridades fiscales para la práctica de los actos de fiscalización que resulten necesarios con motivo del ejercicio de las facultades conferidas conforme al citado artículo; por lo tanto, el rastreo mediante geolocalización en tiempo real de dispositivos de telecomunicación móvil debería darse solamente en los casos en que la “evasión fiscal” hubiera sido una de las conductas punibles de las que se hubieran obtenido los recursos con los que se hubieran realizado las operaciones investigadas hubieran derivado de alguna de las conductas previstas en el artículo 400 Bis del Código Penal Federal hubieran sido producto de la comisión de alguna de las conductas previstas en los artículos 108 a 111 del Código Fiscal de la Federación.

En los meses siguientes se verá, sin duda, a muchas otras autoridades administrativas presentar ante la COFEMER sus respectivos proyectos de Acuerdo para los mismos efectos. Posiblemente ello contribuya para paliar, en la práctica y de manera fáctica, la falta de claridad y ambigüedad del multicitado artículo 189 de la Ley Federal de Telecomunicaciones y Radiodifusión, aunque no debiera ser el caso.

Por otra parte, en breve se verá si el IFAI, en su nueva integración, resuelve afianzar su papel de garanta del acceso a la información pública y protección de datos personales, pues su pleno resolverá en su sesión del día de hoy sobre el ejercicio de la acción de inconstitucional que le fue conferido por virtud de la reciente reforma constitucional publicada en el Diario Oficial de la Federación el 7 de febrero del año en curso. La discusión se escucha reñida, y sin lugar a dudas los votos de sus Comisionados aportarán indicaciones sobre sus criterios y lo que podría esperarse de su actuación en esos puestos y de la del Instituto mismo.





Compliance Report

Compliance and Ethics Powered by Advanced Compliance Solutions


Startup and Technology News

Xavier Ribas

Derecho de las TIC y Compliance

Marcus Kazmierczak

Take To Task

Analyzing the Nonsense

Business & Money

The latest news and commentary on the economy, the markets, and business


Canal de difusión con los medios.

Martha Salamanca Docente

Blog de TICs, Redes Sociales y Multimedia Educativo

Devil's Advocate Crib

Just another site

Investigating Internet Crimes

An Introduction to Solving Crimes in Cyberspace