It is reported that Uruguay imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners, to activate a new prepaid SIM card.

It is reported that a basic legal framework on intermediary liability for copyright infringement is absent in Uruguay's law and jurisprudence.

According to Art. 6 of Decree 64/2020, prior to the start of the processing, the controller and the processor shall carry out an assessment of the impact on the protection of personal data (DPIA) in certain circumstances.
According to Art. 10, the controller and the processor shall carry out an assessment of the DPIA, when the processing operations may:
- Use sensitive data as a core business.
- Project permanent or stable processing of the specially protected data referred to in Chapter IV of Law No. 18.331 of August 11, 2008, or of data related to the commission of criminal, civil, or administrative offenses.
- Involve an evaluation of personal aspects of the data subjects to create or use personal profiles, in particular by analyzing or predicting aspects related to their work performance, economic situation, health, personal preferences or interests, behavioral reliability, behavioral reliability, financial solvency, and location.
- To process data of groups of persons in a situation of special vulnerability and, in particular, of minors or persons with disabilities.
- Processing of large volumes of personal data.
- Transfer of personal data to other States or international organizations for which there is no adequate level of protection.
- Others determined by the Regulatory and Control Unit of Personal Data.

According to the Art. 40 of Law No 19,670 the appointment of a Data Protection Officer (DPO) is mandatory in the following cases: (i) public state or non-state entities, (ii) private or partially state-owned entities, (iii) private entities which process sensitive data as a core activity, and (iv) private entities which process large scales of data (Art. 10 of Decree 64/2020 establishes that large scales of data mean the data processing of more than 35,000 data subjects).

The appointment of a DPO must be submitted to the approval of the Regulatory Unit for the Control of Personal Data (URCDP). If the legal and technical requirements are not met, the Regulator is empowered to refuse or revoke (as the case may be) the submission/authorization to the appointed DPO, as set forth in Resolution No. 32/20. The delegate is responsible for advising the organizations they represent on compliance with the rules set forth in Law No. 18,331 on Personal Data Protection. In addition to this, they are also responsible for serving as the main point of contact with the URCDP, along with several other functions.

Uruguay has a data protection framework established in Law No. 18.331 - Personal Data Protection Law.

According to Art. 23 of Law No. 18.331 - Personal Data Protection Law, the transfer of personal data to countries or international organizations that do not provide adequate levels of protection is prohibited. The prohibition shall not apply in the case of:
- International judicial cooperation, in accordance with the respective international instrument, whether Treaty or Convention, takes into account the case's circumstances;
- Exchange of medical data when so required by the affected person's treatment for public health or hygiene reasons;
- Banking or stock exchange transfers, in relation to the respective transactions and in accordance with the applicable legislation;
- Agreements within the framework of international treaties to which the Oriental Republic of Uruguay is a party;
- International cooperation between intelligence agencies in the fight against organized crime, terrorism fight against organized crime, terrorism, and drug trafficking.

Uruguay has committed to open the transfer of cross-border data flows as part of the Free Trade Agreement between the Republic of Chile and the Oriental Republic of Uruguay.
In addition, the country has joined several trade agreements considered relevant to digital trade:
- Partial Scope Agreement Of Economic Complementation No. 57 Signed Between The Argentine Republic And The Oriental Republic Of Uruguay.
- Free Trade Agreement between the Oriental Republic of Uruguay and the Government of the United Mexican States.
- Economic Complementation Agreement signed between the Governments of the Argentine Republic, the Federative Republic of Brazil, the Republic of Paraguay and the Oriental Republic of Uruguay, Member States of Mercosur, and the Governments of the Republic of Colombia, the Republic of Ecuador and the Bolivarian Republic of Venezuela, Member Countries of the Andean Community.
- Economic Complementation Agreement subscribed between the Governments of the Republic of Argentina, the Federative Republic of Brazil, the Republic of Paraguay, the Oriental Republic of Uruguay, Mercosur Member States, and the Government of the Republic of Peru.
- Partial Scope Agreement between the Oriental Republic of Uruguay and the Bolivarian Republic of Venezuela.

Uruguay has not appended the WTO Telecom Reference Paper to its schedule of commitments.

According to national legislation (Law 17.296), the Regulatory Unit of Communications Services (URSEC) has been constituted as a decentralized state legal entity (decentralized public service). However, it is reported that Uruguay's regulatory entity has autonomy only for some decisions.

Art. 16 of the Telecommunications Licensing Regulations requires licensees whose corporate purpose includes activities other than the provision of telecommunications services to keep separate accounts for the latter. Therefore, it is not required for operators with market power but only for activities other than telecommunications.

Art. 6 of Law 14,235 establishes that the National Telecommunications Administration of Uruguay (ANTEL) has a monopoly on telecommunications services. As this law predates the Internet, it has generated uncertainty about the scope of ANTEL's monopoly. In practice, other companies have been operating in the market, although the operator never granted licenses to provide data transmission services until June 2022. The situation changed as a result of a court ruling in 2016. Following an appeal by a group of companies, the Uruguayan Court of Justice declared Art. 56 of the 2015 Media Law invalid, thus allowing holders of audiovisual communication services to apply for licenses to provide broadband and Internet access services.

Pursuant to Art. 1 of Law 14,235, the National Telecommunications Administration of Uruguay (ANTEL) is a decentralized public service and the company is fully state-owned.

It is reported that Uruguay does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

Uruguay has no rules applicable to the protection of trade secrets. It is reported that the Uruguayan legal system does not have a single reference to business or trade secrets, nor does the legal system have a law on unfair competition in which to include its regulation.

It is reported that passive sharing of infrastructure in the telecom market is not mandated, but it is practiced in the mobile sector based on commercial agreements. However, in the fixed sector is not mandated nor practiced.