Data protection & privacy laws in Bolivia (2026)

Article 130 of the 2009 Political Constitution of the Plurinational State of Bolivia entitles any individual to file a habeas data action before a superior court to access, object to, correct, or delete personal data held in any public or private database; this is the primary directly enforceable data-protection right in the absence of a specific statute.

Law 164 of 2011 (Telecommunications and ICT Law) and its implementing Supreme Decree 1793 of November 2013 require express written consent before collecting or processing personal data, mandate disclosure of purpose and intended recipients, and grant users rights to correct, update, object, or revoke consent; these are the only operative statutory data-protection obligations in force today.

AGETIC (Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación), under the Ministry of the Presidency, prepared an anteproyecto de Ley de Protección de Datos Personales in 2024 and presented it to the Plurinational Legislative Assembly and the Andean Parliament; as of May 2026 it remains in the socialization/consultation phase and has not been approved.

Bolivia has no independent Data Protection Authority. Telecoms-related data complaints fall under the Autoridad de Regulación y Fiscalización de Telecomunicaciones y Transportes (ATT); AGETIC fulfills a policy and drafting role but holds no enforcement mandate over personal data protection more broadly.

Internet Bolivia (civil society organization) separately developed and published its own draft personal-data protection and digital-rights bill, contributing to the legislative debate alongside the AGETIC anteproyecto; neither proposal had passed into law as of May 2026.

Bolivia remains among the very few Latin American countries without a comprehensive data-protection statute; Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Panama, Peru, and Uruguay have all enacted such legislation, creating regional harmonization pressure on Bolivia.