Skip to content
World Watch/Bolivia/Data & Privacy

Data & Privacy · Bolivia

Data protection & privacy law in Bolivia (2026)

ProposedNo comprehensive data-protection law enacted; constitutional habeas data (Art. 130, 2009 Political Constitution); sector-specific obligations under Law 164 (2011) and Supreme Decree 1793 (2013) for telecoms; AGETIC 2024 anteproyecto under legislative review; no dedicated supervisory authorityCountry index 61 · C+

Bolivia shaded by its data & privacy status

Data protection in Bolivia: proposed, under No comprehensive data-protection law enacted; constitutional habeas data (Art. 130, 2009 Political Constitution); sector-specific obligations under Law 164 (2011) and Supreme Decree 1793 (2013) for telecoms; AGETIC 2024 anteproyecto under legislative review; no dedicated supervisory authority.

Bolivia lacks a comprehensive personal data-protection law as of May 2026. The 2009 Political Constitution enshrines a habeas data action and informational self-determination as fundamental rights, while Law 164 of 2011 and Supreme Decree 1793 of 2013 impose limited, consent-based data obligations exclusively in the telecoms sector. AGETIC prepared and formally presented a full draft personal-data protection law (anteproyecto) to the Plurinational Legislative Assembly in 2024, but it remains in socialization and has not been enacted.

Key points

Constitutional habeas data

Article 130 of the 2009 Political Constitution of the Plurinational State of Bolivia entitles any individual to file a habeas data action before a superior court to access, object to, correct, or delete personal data held in any public or private database; this is the primary directly enforceable data-protection right in the absence of a specific statute.

Telecoms sector rules, Law 164 / Decree 1793

Law 164 of 2011 (Telecommunications and ICT Law) and its implementing Supreme Decree 1793 of November 2013 require express written consent before collecting or processing personal data, mandate disclosure of purpose and intended recipients, and grant users rights to correct, update, object, or revoke consent; these are the only operative statutory data-protection obligations in force today.

AGETIC 2024 draft comprehensive law

AGETIC (Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación), under the Ministry of the Presidency, prepared an anteproyecto de Ley de Protección de Datos Personales in 2024 and presented it to the Plurinational Legislative Assembly and the Andean Parliament; as of May 2026 it remains in the socialization/consultation phase and has not been approved.

No dedicated supervisory authority

Bolivia has no independent Data Protection Authority. Telecoms-related data complaints fall under the Autoridad de Regulación y Fiscalización de Telecomunicaciones y Transportes (ATT); AGETIC fulfills a policy and drafting role but holds no enforcement mandate over personal data protection more broadly.

Civil-society parallel draft

Internet Bolivia (civil society organization) separately developed and published its own draft personal-data protection and digital-rights bill, contributing to the legislative debate alongside the AGETIC anteproyecto; neither proposal had passed into law as of May 2026.

Regional outlier

Bolivia remains among the very few Latin American countries without a comprehensive data-protection statute; Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Panama, Peru, and Uruguay have all enacted such legislation, creating regional harmonization pressure on Bolivia.

Timeline - major decisions & events

Jun 1, 2025guidanceofficial
AGETIC Publishes Updated Anteproyecto de Ley and Data-Protection Manual

Bolivia's Agency for Electronic Government (AGETIC) published an updated version of the draft Personal Data Protection Bill and an accompanying Manual de Protección de Datos on its official website, consolidating proposals for a national supervisory authority and full ARCO rights regime. The documents remain a pre-legislative instrument and have not yet been enacted.

AGETIC – Estado Plurinacional de Bolivia
Jul 2, 2024decisionofficial
Andean Community Decision 897 Two-Year Implementation Deadline Expires, Bolivia Still Without a Data-Protection Law

The deadline imposed by Andean Community Decision 897 for Bolivia to transpose data-privacy guidelines into national legislation expired on 2 July 2024 without a law being enacted; Bolivia remains bound by the supranational obligation but users continue to lack a standalone enforcement framework. A draft law was still pending in Congress at that date.

Comunidad Andina
Jan 25, 2023guidanceofficial
AGETIC Formally Presents Draft Personal Data Protection Bill to Andean Parliament

AGETIC presented Bolivia's Anteproyecto de Ley de Protección de Datos Personales before the Andean Parliament, signalling the government's intent to comply with CAN Decision 897 and proposing an autonomous data-protection authority, data-subject rights, security standards, and rules for international transfers. This was the highest-profile official presentation of the bill to date.

ABI – Agencia Boliviana de Información (Bolivian state news agency)
Jan 1, 2021lawofficial
Draft Law PL-349/2020-2021 on Personal Data Protection Submitted to Chamber of Deputies

A formal bill (reference PL-349, legislative session 2020-2021) on personal data protection was submitted to Bolivia's Chamber of Deputies for the first time as a dedicated standalone proposal, covering data-subject rights, a supervisory authority, and enforcement mechanisms. As of 2025, the bill remained pending in the Legislative Assembly without a vote.

Cámara de Diputados – Bolivia
Nov 13, 2013law
Supreme Decree 1793 Issues ICT-Development Regulation Supplementing Law 164

Supreme Decree 1793 enacted sector-specific rules for ICT development under Law 164, including detailed personal data-protection obligations for ICT and telecom service providers and prohibitions on unsolicited commercial communications. It constitutes the most operationally specific data-protection regulation in force pending dedicated legislation.

LexiVox (mirrors Gaceta Oficial de Bolivia – DS 1793)
Oct 24, 2012lawofficial
Supreme Decree 1391 Issues General Regulation to Law 164 Including User-Privacy Obligations

Supreme Decree 1391 enacted the General Regulation to the 2011 Telecommunications Law, elaborating confidentiality and data-protection obligations for telecom operators and providers, operationalising the user-privacy articles of Law 164 for the first time in secondary legislation.

SEA – Bolivian Secretaría de Estado de Administración (Official)
Aug 8, 2011lawofficial
Law 164 General Telecommunications Law, First Statutory Data-Protection Provisions

Law No. 164 established Bolivia's general framework for telecommunications and ICTs; Articles 56-57 required operators to guarantee the inviolability of communications and the protection of users' personal data and privacy, marking the first standalone statutory data-protection provisions in Bolivian law. It also created ADSIB as Bolivia's public digital-certification entity.

Ministerio de Educación – Bolivia (Official text of Law 164)
Feb 7, 2009law
New Political Constitution Promulgated, Constitutional Right to Privacy and Habeas Data

Bolivia's new Political Constitution came into force, establishing Article 21.2 (right to privacy and intimacy) and Articles 130-132 (Acción de Protección de Privacidad), a constitutional habeas data action that allows any person to access, contest, correct, or delete data held about them in public or private databases. These provisions form the constitutional bedrock for all subsequent data-protection efforts in Bolivia.

Justia Bolivia – Constitución Política del Estado (2009)
Mar 10, 1997lawofficial
Law 1768 Amends Penal Code, First Criminal Sanctions for Computer Data Misuse

Law No. 1768 (promulgated 10 March 1997) modified the Bolivian Penal Code to insert Articles 363 Bis (Computer Manipulation, fraudulent alteration of data processing, 1-5 years imprisonment) and 363 Ter (Unlawful Alteration, Access, and Use of Computer Data), providing Bolivia's earliest criminal-law deterrent against misuse of personal data. These articles remain the principal criminal sanction in the absence of a comprehensive data-protection law.

OAS – Bolivian Penal Code (Ley 1768)

Bolivia - other topics

Data & Privacy in other countries

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →