Protection of personal information in light of the amendments to the Mexican Labor Law on Teleworking.
Jan – 13- 2021
On Tuesday, January 12, 2021, a decree was published in the Federal Official Gazette amending various provisions of the Mexican Labor Law, in order to introduce a chapter regulating “Teleworking” in Mexico.
While this amendment impacts primarily on labor issues, it also includes various obligations that influence the protection of personal information, since it widens the regulation of the relationship with the employees opting for this Teleworking modality, which has become a constant in these times of health restrictions resulting from the COVID-19 pandemic.
Regarding the protection of personal data, the following is relevant:
- The conditions for teleworking must be stated in writing, and the mechanisms for contact and supervision between the parties must be specified, as well as the duration and distribution of working schedules.
- Employers must implement mechanisms that preserve the information and data security used by workers in teleworking modality. Likewise, employers must respect employees’ right to disconnect from work in the teleworking mode.
- On the other hand, employees must comply and use the mechanisms and operating systems that allow the supervision of their activities in teleworking mode, and also must comply with the information security and data protection policies and mechanisms used in the performance of their activities, respecting as well the restrictions on the use and storage of the information.
This amendment also establishes that the mechanisms, operating systems and any technology used to supervise teleworking must be proportional to its objective, guaranteeing the right to privacy of the people working under the teleworking modality, and respecting Mexican legal framework on personal data protection.
Certainly it is only a regulatory framework with general rules that will have to be detailed in the future, but it is a step forward in terms of regulation of remote working, which is a constant concern for personal data protection professionals.