Mexico - LFPDPPP (Ley Federal de Proteccion de Datos Personales en Posesion de los Particulares)

Modified on Tue, 27 Jun, 2023 at 3:52 PM

Data protection in Mexico and LFPDPPP cookies regulation.


Data security in Mexico is primarily governed by the Federal Law for Safeguarding Personal Data in the Possession of Private Parties (Federal Law for Personal Data Protection in Private Hands), also known as the LFPDPPP, which was established in 2010. This legislation outlines the guidelines for private entities when it comes to gathering, handling, and disclosing individuals' personal data. The responsible authority for enforcing this law is the National Institute for Transparency, Access to Information, and Personal Data Protection (INAI), which investigates reported violations and imposes substantial penalties on those found guilty.


In terms of consent and cookie regulations, the LFPDPPP and its corresponding regulations do not explicitly address cookie usage or provide detailed prerequisites for obtaining consent in relation to cookies. However, the law does require data controllers to inform individuals about the purposes of data processing and obtain their consent when necessary. In the case of cookies, which are frequently employed for online tracking and the collection of personal information, it is generally recommended to obtain explicit and informed consent from users prior to placing cookies on their devices.


If you want to know more about the different regulations you can access our article "Laws and regulations for each region"




Cookie Banner to comply with LFPDPPP.


Taking into account that as a data controller, you must obtain user consent to collect and use personal information, solely for specific purposes, and this consent must be explicit, with users having the ability to withdraw it at any time, the banner should comply with the following:


  • Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies.
  • Include a Button to Reject Cookies: Although it does not specifically clarify a button as in other cases, we must provide an opt-out option that “takes effect immediately and is consistent.”
  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
  • Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection. 


Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.



If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article