DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

πŸ‡ΊπŸ‡Ύ Latin America & Caribbean

Cookie consent in Uruguay

Consent and privacy law in Uruguay

In short
Uruguay's Law No. 18.331 dates from 2008 and was, like Argentina, granted an EU adequacy decision, making it a trusted destination for EU data transfers. It is enforced by the URCDP. Later reforms added accountability principles, mandatory data protection officers for certain organisations, breach notification, and extraterritorial reach. Consent must generally be prior, free, express, and informed, an opt-in model, with stricter rules for sensitive data. Privacy notices in Spanish are expected. Uruguay also operates a database registration requirement. The combination of EU adequacy and modern accountability rules makes Uruguay one of the more mature LATAM regimes.
Authority
Unidad Reguladora y de Control de Datos Personales (URCDP)
Status

Law No. 18.331 since 2008, with later updates including accountability and DPO rules

Primary law
Law 18.331
Languages

es-419

Who must comply

Public and private databases and anyone processing personal data of individuals in Uruguay.

Penalties

Administrative fines and sanctions imposed by the URCDP

Key obligations

  • Obtain prior, free, informed and express consent
  • Register databases with the regulatory unit
  • Provide notice of purpose and recipients
  • Honor access, rectification and deletion rights
  • Report data breaches to the regulatory unit

Local guidance

  • Rely on Uruguay's EU adequacy status for transfers
  • Appoint a data protection officer where required
  • Use prior, free, express, and informed consent
  • Provide notices in Spanish

How ConsentX helps

  • Prior and express opt-in consent capture
  • Clear purpose notice for visitors in Uruguay
  • Rights request workflow
  • Consent receipts and evidence
  • Region rule engine tuned for Uruguay
Get started free
yoursite.com
πŸ‡ΊπŸ‡Ύ Uruguay

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Uruguay using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Uruguay.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Uruguay requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Uruguay audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Uruguay have EU adequacy?+

Yes. Uruguay received an EU adequacy decision, which allows personal data to flow freely from the EU to Uruguay, similar to Argentina.

Which authority enforces privacy in Uruguay?+

The URCDP, the Regulatory and Personal Data Control Unit, enforces Law No. 18.331 and its later reforms in Uruguay.

Governing law

πŸ‡ΊπŸ‡Ύ Law 18.331

Other countries in Latin America & Caribbean

πŸ‡§πŸ‡· BrasilπŸ‡¦πŸ‡· ArgentinaπŸ‡¨πŸ‡± ChileπŸ‡¨πŸ‡΄ ColombiaπŸ‡΅πŸ‡ͺ PerΓΊπŸ‡ͺπŸ‡¨ Ecuador