Data & Privacy · Bolivia
Data protection & privacy law in Bolivia (2026)
Bolivia shaded by its data & privacy status
Data protection in Bolivia: proposed, under No comprehensive data-protection law enacted; constitutional habeas data (Art. 130, 2009 Political Constitution); sector-specific obligations under Law 164 (2011) and Supreme Decree 1793 (2013) for telecoms; AGETIC 2024 anteproyecto under legislative review; no dedicated supervisory authority.
Bolivia lacks a comprehensive personal data-protection law as of May 2026. The 2009 Political Constitution enshrines a habeas data action and informational self-determination as fundamental rights, while Law 164 of 2011 and Supreme Decree 1793 of 2013 impose limited, consent-based data obligations exclusively in the telecoms sector. AGETIC prepared and formally presented a full draft personal-data protection law (anteproyecto) to the Plurinational Legislative Assembly in 2024, but it remains in socialization and has not been enacted.
Key points
Article 130 of the 2009 Political Constitution of the Plurinational State of Bolivia entitles any individual to file a habeas data action before a superior court to access, object to, correct, or delete personal data held in any public or private database; this is the primary directly enforceable data-protection right in the absence of a specific statute.
Law 164 of 2011 (Telecommunications and ICT Law) and its implementing Supreme Decree 1793 of November 2013 require express written consent before collecting or processing personal data, mandate disclosure of purpose and intended recipients, and grant users rights to correct, update, object, or revoke consent; these are the only operative statutory data-protection obligations in force today.
AGETIC (Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación), under the Ministry of the Presidency, prepared an anteproyecto de Ley de Protección de Datos Personales in 2024 and presented it to the Plurinational Legislative Assembly and the Andean Parliament; as of May 2026 it remains in the socialization/consultation phase and has not been approved.
Bolivia has no independent Data Protection Authority. Telecoms-related data complaints fall under the Autoridad de Regulación y Fiscalización de Telecomunicaciones y Transportes (ATT); AGETIC fulfills a policy and drafting role but holds no enforcement mandate over personal data protection more broadly.
Internet Bolivia (civil society organization) separately developed and published its own draft personal-data protection and digital-rights bill, contributing to the legislative debate alongside the AGETIC anteproyecto; neither proposal had passed into law as of May 2026.
Bolivia remains among the very few Latin American countries without a comprehensive data-protection statute; Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Panama, Peru, and Uruguay have all enacted such legislation, creating regional harmonization pressure on Bolivia.
Timeline - major decisions & events
Bolivia's Agency for Electronic Government (AGETIC) published an updated version of the draft Personal Data Protection Bill and an accompanying Manual de Protección de Datos on its official website, consolidating proposals for a national supervisory authority and full ARCO rights regime. The documents remain a pre-legislative instrument and have not yet been enacted.
AGETIC – Estado Plurinacional de Bolivia ↗The deadline imposed by Andean Community Decision 897 for Bolivia to transpose data-privacy guidelines into national legislation expired on 2 July 2024 without a law being enacted; Bolivia remains bound by the supranational obligation but users continue to lack a standalone enforcement framework. A draft law was still pending in Congress at that date.
Comunidad Andina ↗AGETIC presented Bolivia's Anteproyecto de Ley de Protección de Datos Personales before the Andean Parliament, signalling the government's intent to comply with CAN Decision 897 and proposing an autonomous data-protection authority, data-subject rights, security standards, and rules for international transfers. This was the highest-profile official presentation of the bill to date.
ABI – Agencia Boliviana de Información (Bolivian state news agency) ↗A formal bill (reference PL-349, legislative session 2020-2021) on personal data protection was submitted to Bolivia's Chamber of Deputies for the first time as a dedicated standalone proposal, covering data-subject rights, a supervisory authority, and enforcement mechanisms. As of 2025, the bill remained pending in the Legislative Assembly without a vote.
Cámara de Diputados – Bolivia ↗Supreme Decree 1793 enacted sector-specific rules for ICT development under Law 164, including detailed personal data-protection obligations for ICT and telecom service providers and prohibitions on unsolicited commercial communications. It constitutes the most operationally specific data-protection regulation in force pending dedicated legislation.
LexiVox (mirrors Gaceta Oficial de Bolivia – DS 1793) ↗Supreme Decree 1391 enacted the General Regulation to the 2011 Telecommunications Law, elaborating confidentiality and data-protection obligations for telecom operators and providers, operationalising the user-privacy articles of Law 164 for the first time in secondary legislation.
SEA – Bolivian Secretaría de Estado de Administración (Official) ↗Law No. 164 established Bolivia's general framework for telecommunications and ICTs; Articles 56-57 required operators to guarantee the inviolability of communications and the protection of users' personal data and privacy, marking the first standalone statutory data-protection provisions in Bolivian law. It also created ADSIB as Bolivia's public digital-certification entity.
Ministerio de Educación – Bolivia (Official text of Law 164) ↗Bolivia's new Political Constitution came into force, establishing Article 21.2 (right to privacy and intimacy) and Articles 130-132 (Acción de Protección de Privacidad), a constitutional habeas data action that allows any person to access, contest, correct, or delete data held about them in public or private databases. These provisions form the constitutional bedrock for all subsequent data-protection efforts in Bolivia.
Justia Bolivia – Constitución Política del Estado (2009) ↗Law No. 1768 (promulgated 10 March 1997) modified the Bolivian Penal Code to insert Articles 363 Bis (Computer Manipulation, fraudulent alteration of data processing, 1-5 years imprisonment) and 363 Ter (Unlawful Alteration, Access, and Use of Computer Data), providing Bolivia's earliest criminal-law deterrent against misuse of personal data. These articles remain the principal criminal sanction in the absence of a comprehensive data-protection law.
OAS – Bolivian Penal Code (Ley 1768) ↗Bolivia - other topics
Data & Privacy in other countries
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →