
🇲🇽 North America

Cookie consent in México

Consent and privacy law in México

In short
Mexico's private sector law is the Federal Law on the Protection of Personal Data Held by Private Parties, dating from 2010 and historically overseen by INAI. A distinctive feature is the privacy notice, the aviso de privacidad, which is a mandatory and detailed disclosure that must be provided to data subjects. Consent can be tacit for ordinary data, meaning silence after a notice can suffice, but express consent is required for financial and sensitive data, and written consent for sensitive data. This tacit consent model is softer than the EU approach. Note that Mexico has been restructuring its transparency bodies, so the supervising authority arrangements have been in transition.
Status

Federal Law on the Protection of Personal Data Held by Private Parties since 2010

Primary law

LFPDPPP

Languages

es-419

Who must comply

Private parties that process personal data in Mexico, including controllers and processors handling data of individuals in Mexico.

Penalties

Fines historically up to around 320,000 days of minimum wage for serious violations

Key obligations

  • Make a privacy notice available before collecting data
  • Obtain express consent for sensitive personal data
  • Honor the ARCO rights of access, rectification, cancellation and opposition
  • Appoint a person or department for personal data protection
  • Adopt security measures appropriate to the data

Local guidance

  • Publish a complete aviso de privacidad
  • Use express consent for financial and sensitive data
  • Provide notices in Spanish
  • Track the restructuring of Mexico's data protection authority

How ConsentX helps

  • Privacy-notice-first banner shown before collection
  • Express opt-in capture for sensitive categories
  • ARCO rights request intake and workflow
  • Consent and notice receipts for evidence
  • Region rule engine tuned for Mexico

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Mexican law using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Mexican law.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that Mexico requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in an audit in Mexico.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What is an aviso de privacidad?

It is the mandatory privacy notice required under Mexican law. It must clearly tell data subjects what data is collected, the purposes, and how to exercise their rights, and it is a central compliance obligation.

Does Mexico require opt-in consent?

For ordinary data, consent can be tacit, meaning silence after a privacy notice can suffice. Express consent is required for financial data, and written consent for sensitive data.
