News
Towards a Data Protection Law in Bolivia – Digital Progress, Cybersecurity, and the Constitutional Challenge
Although Bolivia has yet to enact a comprehensive personal data protection law, it has made notable strides in electronic government, cybersecurity, and state interoperability. This article examines these developments and the constitutional challenges shaping the country’s evolving digital landscape.
1. A Country with a Solid Constitutional Foundation
Bolivia currently lacks a general personal data protection law comparable to the European GDPR or to recent Latin American reforms. However, this does not imply the absence of legal protection.
The 2009 Political Constitution of the State expressly recognizes:
• The right to privacy and intimacy.
• The confidentiality of communications.
• The right to informational self-determination.
• The constitutional action for the protection of privacy as a specific constitutional guarantee.
This constitutional framework elevates personal data protection to the status of a fundamental right directly enforceable, even in the absence of a specific statute. In practice, constitutional standards of consent, purpose limitation, proportionality, and security operate as mandatory constraints upon both public and private entities.
Nevertheless, the absence of an independent supervisory authority and of a specialized administrative sanctioning regime generates a fragmented regulatory environment, in which data protection relies primarily on judicial interpretation and constitutional review.
2. Electronic Government 2025–2028: Digitalization with a Sovereign Approach
A relevant structural development is reflected in the update of the Electronic Government Implementation Plan 2025–2028, approved through Supreme Decree No. 5468, a strategic instrument prepared by the Agency for Electronic Government and Information and Communication Technologies – AGETIC.
This plan is grounded in Law No. 164 and Supreme Decree No. 2514, which established AGETIC as the governing authority in matters of digital government.
The new PIGE is structured around three strategic pillars:
i) Sovereign Government
- State data infrastructure.
- Interoperability among public entities.
- Digital Citizenship Platform.
- Cybersecurity and incident management.
ii) Efficient Government
- Administrative simplification.
- Single state portal.
- Interoperable public planning and management systems.
- Electronic commerce and payments.
iii) Open and Participatory Government
- Digital transparency.
- Open data.
- Electronic mechanisms for citizen participation.
From a privacy perspective, the most relevant pillar is the strategic line on cybersecurity and information security, which requires public entities to implement Institutional Security Plans and establishes the role of the Computer Incident Management Center (CGII).
This approach strengthens the technical dimension of data protection, even in the absence of a comprehensive framework law.
3. State Interoperability: Efficiency vs. Data Protection
The 2025–2028 Plan promotes a state interoperability platform enabling the automated exchange of data among public entities.
While this measure enhances administrative efficiency and reduces burdens on citizens, it also increases risks associated with the large-scale processing of personal data. The centralization of information requires:
- Robust technical standards.
- Clear access and traceability protocols.
- Principles of data minimization and purpose limitation.
- Permanent security audits.
In the absence of a data protection law expressly regulating inter-institutional transfers, the controlling parameter remains constitutional in nature. This implies that any data exchange must respect the original purpose of collection and the principle of proportionality.
4. Cybersecurity and Digital Sovereignty
One of the most noteworthy features of the Bolivian model is its emphasis on “technological sovereignty.” The State seeks to consolidate its own infrastructure, open standards, and centralized digital services.
The requirement that each public entity adopt an Institutional Information Security Plan constitutes a significant step toward a structured cybersecurity culture. Likewise, the CGII operates as the technical body responsible for managing computer-related incidents.
From a comparative perspective, Bolivia is strengthening the technical layer of information protection before consolidating a substantive framework of rights and obligations in the field of personal data.
5. Digitalization of the Executive Branch and Institutional Virtualization
A recent example of the State’s digital transformation process is Supreme Decree No. 5515, which authorizes the exercise of executive functions through digital mechanisms, including from outside the national territory.
This type of regulation reflects a transition toward a dematerialized model of public administration, where the validity of administrative acts may be supported by digital platforms, electronic authentication, and remote systems.
However, the digitalization of high-level state functions increases the importance of:
- System integrity.
- Robust authentication mechanisms.
- Protection against unauthorized access.
- Operational continuity protocols.
Cybersecurity ceases to be merely a technical matter and becomes an essential component of institutional stability.
6. The Pending Challenge: A Comprehensive Data Protection Law
Despite progress in electronic government and cybersecurity, Bolivia faces three structural challenges:
- The absence of a general data protection law.
- The lack of an independent supervisory authority.
- The need for harmonization with international standards.
The expansion of state digital platforms, large-scale interoperability, and electronic commerce exponentially increases the volume of processed data. Without an integral regulatory framework, protection depends almost exclusively on subsequent constitutional review.
In a regional context where multiple Latin American countries have adopted or updated their personal data laws, Bolivia faces a strategic opportunity: to enact modern legislation that integrates digital sovereignty, technological innovation, and effective protection of fundamental rights.
7. Conclusion
Bolivia is not a static country in the field of data protection; it is a country in transition.
While a comprehensive law has yet to be enacted, the State has made significant progress in digital infrastructure, interoperability, and cybersecurity. The current model prioritizes the technical construction of the state digital ecosystem, relying on the Constitution as the primary safeguard of rights.
The logical next step will be to transform this technological framework into a comprehensive regulatory system that consolidates principles, rights, and clear obligations.
For privacy and compliance professionals, Bolivia represents a particularly compelling scenario: an environment in which digitalization is advancing rapidly and where the future regulatory framework remains open to design.
The question is no longer whether Bolivia will adopt a data protection law, but when and under which regulatory model it will do so.
Article provided by INPLP members: Rodrigo Moreno (Moreno Baldivieso, Bolivia)
Discover more about the INPLP and the INPLP-Members
Dr. Tobias Höllwarth (Managing Director INPLP)
News Archiv
- Alle zeigen
- März 2026
- Februar 2026
- Jänner 2026
- Dezember 2025
- November 2025
- Oktober 2025
- September 2025
- August 2025
- Juli 2025
- Juni 2025
- Mai 2025
- April 2025
- März 2025
- Februar 2025
- Jänner 2025
- Dezember 2024
- November 2024
- Oktober 2024
- September 2024
- August 2024
- Juli 2024
- Juni 2024
- Mai 2024
- April 2024
- März 2024
- Februar 2024
- Jänner 2024
- Dezember 2023
- November 2023
- Oktober 2023
- September 2023
- August 2023
- Juli 2023
- Juni 2023
- Mai 2023
- April 2023
- März 2023
- Februar 2023
- Jänner 2023
- Dezember 2022
- November 2022
- Oktober 2022
- September 2022
- August 2022
- Juli 2022
- Mai 2022
- April 2022
- März 2022
- Februar 2022
- November 2021
- September 2021
- Juli 2021
- Mai 2021
- April 2021
- Dezember 2020
- November 2020
- Oktober 2020
- Juni 2020
- März 2020
- Dezember 2019
- Oktober 2019
- September 2019
- August 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- Februar 2019
- Jänner 2019
- Dezember 2018
- November 2018
- Oktober 2018
- September 2018
- August 2018
- Juli 2018
- Juni 2018
- Mai 2018
- April 2018
- März 2018
- Februar 2018
- Dezember 2017
- November 2017
- Oktober 2017
- September 2017
- August 2017
- Juli 2017
- Juni 2017
- Mai 2017
- April 2017
- März 2017
- Februar 2017
- November 2016
- Oktober 2016
- September 2016
- Juli 2016
- Juni 2016
- Mai 2016
- April 2016
- März 2016
- Februar 2016
- Jänner 2016
- Dezember 2015
- November 2015
- Oktober 2015
- September 2015
- August 2015
- Juli 2015
- Juni 2015
- Mai 2015
- April 2015
- März 2015
- Februar 2015
- Jänner 2015
- Dezember 2014
- November 2014
- Oktober 2014
- September 2014
- August 2014
- Juli 2014
- Juni 2014
- Mai 2014
- April 2014
- März 2014
- Februar 2014
- Jänner 2014
- Dezember 2013
- November 2013
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- März 2013
- Februar 2013
- Jänner 2013
- Dezember 2012
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juli 2012
- Juni 2012
- Mai 2012
- April 2012
- März 2012
- Februar 2012
- Jänner 2012
- Dezember 2011
- November 2011
- Oktober 2011
- September 2011
- Juli 2011
- Juni 2011
- Mai 2011
- April 2011
- März 2011
- Februar 2011
- Jänner 2011
- November 2010
- Oktober 2010
- September 2010
- Juli 2010