Database

Browse Database

COLOMBIA

Since May 2011
Since September 2011

Pillar Intermediary liability  |  Sub-pillar User identity requirement
Decree No. 1,630 (Decreto No. 1630 Por medio del cual se adoptan medidas para restringir la operación de equipos terminales hurtados que son utilizados para la prestación de servicios de telecomunicaciones móviles)

Resolution CRC No. 3,128 On positive and negative databases (Resolución No. 3128 Por la cual se define el modelo técnico, los aspectos operativos y las reglas para la implementación, […] de las bases de datos positiva y negativa para la restricción de la operación en las redes de telecomunicaciones móviles de los equipos terminales móviles reportados como hurtados y/o extraviados […])
Decree No. 1,630, of May 2011, creates a national registry of mobile phones, through the adoption of two databases. The negative database contains the IMEI (International Mobile Equipment Identity) of the devices that have been reported as stolen or lost, both in Colombia and abroad, while the positive database includes the mobile equipment imported or legally manufactured in Colombian territory. The latter connects the IMEI with the identity of the user, who is required to provide the telecommunication operators (or mobile telecommunications networks and services providers) with their full name, type and identity document number, address and telephone number. Although there is no mandatory registration of SIM cards, the IMEIs are associated with a specific user. Art. 5 of Decree No. 1,630 states that telecommunications providers must bear the costs of the system that supports the positive and negative databases, which must be managed by an independent legal entity and should guarantee the quality of the service. More regulation on the databases is contained in Resolution No. 3,128.
Coverage Telecommunications sector

COLOMBIA

N/A

Pillar Intermediary liability  |  Sub-pillar Safe harbor for intermediaries for copyright infringement
Lack of intermediary liability framework in place for copyright infringements
A basic legal framework on intermediary liability beyond copyright infringement is absent in Colombia's law and jurisprudence. The liability regime for damages applicable to Internet intermediaries in Colombia is the same as that generally applied to any other activity, that is a regime of subjective civil liability, since the law does not provide for a presumption of fault (or objective) for intermediaries.
Coverage Internet intermediaries

COLOMBIA

N/A

Pillar Intermediary liability  |  Sub-pillar Safe harbor for intermediaries for any activity other than copyright infringement
Lack of intermediary liability framework in place beyond copyright infringement
A basic legal framework on intermediary liability beyond copyright infringement is absent in Colombia's law and jurisprudence. The liability regime for damages applicable to Internet intermediaries in Colombia is the same as that generally applied to any other activity, that is a regime of subjective civil liability, since the law does not provide for a presumption of fault (or objective) for intermediaries.
Coverage Internet intermediaries

COLOMBIA

Since June 2013
Since October 2012, last amended May 2015

Pillar Domestic Data policies  |  Sub-pillar Requirement to perform an impact assessment (DPIA) or have a data protection officer (DPO)
Decree No. 1,377 Which Partially Regulates Law No. 1,581 (Decreto No. 1377 Por el cual se reglamenta parcialmente la Ley 1581 de 2012)

Law No. 1,581 Data Protection Law (Ley No. 1,581 Ley de Protección de Datos Personales)
According to Art. 23 of Decree 1,377, controllers and processors should appoint a person or function within the company that assumes responsibility for the protection of personal data, tasked with reviewing and solving claims made by data subjects. Furthermore, title VI of Law No. 1,581 establishes the duties of those responsible for data treatment and in charge of data treatment.
Coverage Horizontal

COLOMBIA

Since October 2012, last amended May 2015
Since June 2013
Since December 2008, last amended in October 2021

Pillar Domestic Data policies  |  Sub-pillar Framework for data protection
Law No. 1,581 Data Protection Law (Ley No. 1581 Ley de Protección de Datos Personales)

Decree No. 1,377 Which Partially Regulates Law No. 1,581 (Decreto No. 1377 Por el cual se reglamenta parcialmente la Ley 1581 de 2012)

Law No. 1,266 Regulates habeas data and the handling of the information contained in personal databases, especially financial, credit, commercial, services and that from third countries […] (Ley No. 1266 Por la cual se dictan las disposiciones generales del hábeas data y se regula el manejo de la información contenida en bases de datos personales, en especial la financiera, crediticia, comercial, de servicios y la proveniente de terceros países […])
The country has two main instruments regulating data protection, Law No. 1,581 and Decree No. 1,377. Law No. 1,581 establishes the guiding principles of data protection (such as finality, transparency, and confidentiality). Decree No. 1,377 complements and modifies Law No. 1,581.
Law No. 1,266 developed the habeas data, particularly regarding financial, credit, commercial, services, and third countries information.
Coverage Horizontal

COLOMBIA

Since August 2012

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
Decree No. 1,704 Regulates article 52 of Law No. 1,453 […] and other provisions (Decreto No. 1704 Por medio del cual se reglamenta el artículo 52 de la Ley 1453 de 2011 […] y se dictan otras disposiciones)
Pursuant to Art. 4 of Decree No. 1,704, telecommunications providers must keep and store for a period of five years subscribers' personal information, such as identity, billing address, connection type. This information must be available to the Attorney General or any competent authority in the context of a criminal investigation.
Coverage Telecommunication sector

COLOMBIA

Since December 2008, last amended in October 2021

Pillar Cross-border data policies  |  Sub-pillar Conditional flow regime
Law No. 1,266 Regulates habeas data and the handling of the information contained in personal databases, especially financial, credit, commercial, services and that from third countries […] (Ley No. 1266 Por la cual se dictan las disposiciones generales del hábeas data y se regula el manejo de la información contenida en bases de datos personales, en especial la financiera, crediticia, comercial, de servicios y la proveniente de terceros países […])
Art. 5 of Law No. 1,266 establishes a rule on international data transfers as carried out by data bank operators. The transfer is permitted to other data operators when there is authorization from the data subject; or when the destination database has the same purpose as the operator that delivers the data.

If the receiver of the data is a foreign data bank, the delivery without authorization must be done with a written record and due verification by the operator that the laws of the recipient of the information offer guarantees for the protection of the rights of the data subject.
Coverage Financial sector

COLOMBIA

Signed in 2015, entry into force in April 2020

Pillar Cross-border data policies  |  Sub-pillar Participation in trade agreements committing to open cross-border data flows
First Amending Protocol Which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance) (Primer protocolo modificatorio del Protocolo Adicional al Acuerdo Marco de la Alianza del Pacífico)
According to Art. 13.11 of the First Amending Protocol (which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance), the four parties (Chile, Colombia, Peru and Mexico) commit to allow cross-border information transfers through electronic means, including also the transfer of personal data for business activities. Moreover, in Art. 13.11.bis the parties commit to ban forced localisation of computer facilities in their national territories.
Coverage Horizontal

COLOMBIA

Since October 2012, last amended in May 2015
Since June 2013

Pillar Cross-border data policies  |  Sub-pillar Conditional flow regime
Law No. 1,581 Data Protection Law (Ley No. 1581 Ley de Protección de Datos Personales)

Decree No. 1,377 Which Partially Regulates Law No. 1,581 (Decreto No. 1377 Por el cual se reglamenta parcialmente la Ley No. 1581 de 2012)
According to Art. 26 of Law No. 1,581, cross-border transfer of personal data is forbidden unless it is made to a country that offers adequate levels of data protection (as defined by the Colombian data protection authority). The above-mentioned prohibition does not apply in certain cases, including when the data subject authorizes the cross-border transfer, or in the case of medical data being required for health or public hygiene reasons. According to the law, the institution in charge, "Superintendencia de Industria y Comercio" (SIC), establishes the standards regarding international data transfers.
Coverage Horizontal

COLOMBIA

Since July 2009, last amended in July 2021
Since May 2015, last amended in August 2022

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of independent telecom authority
Law No. 1,341 Issues principles and concepts on the information society and the organization of Information and Communication Technologies (ICT), creates the National Spectrum Agency [...] (Ley No. 1341 Por la cual se definen principios y conceptos sobre la sociedad de la información y la organización de las Tecnologías de la Información y las Comunicaciones (TIC), se crea la Agencia Nacional de Espectro [...])

Single Regulatory Decree No. 1,078 About the Information and Communication Technologies sector (Decreto No. 1078 Por medio del cual se expide el Decreto Único Reglamentario del Sector de Tecnologías de la Información y las Comunicaciones)
The "Comisión de Regulación de Comunicaciones" is the executive authority in Colombia for the supervision and administration of services in the telecommunications sector. According to Art. 19 of Law No. 1.314 and Art. 1.2.1.1. of Regulatory Decree No. 1,078, this authority is independent of the government in the decision-making process.
Coverage Telecommunications sector

COLOMBIA

Since July 2009, last amended in July 2021
Since December 2009
Since April 2021

Pillar Telecom infrastructure and competition  |  Sub-pillar Other restrictions to operate in the telecom market
Law No. 1,341 Issues principles and concepts on the information society and the organization of Information and Communication Technologies (ICT), creates the National Spectrum Agency [...] (Ley No. 1341 Por la cual se definen principios y conceptos sobre la sociedad de la información y la organización de las Tecnologías de la Información y las Comunicaciones (TIC), se crea la Agencia Nacional de Espectro [...])

Decree No. 4,948 Regulates the general legal authorization for the provision of telecommunications networks and services and ICT registration (Decreto No. 4948 Por el cual se reglamenta la habilitación general para la provisión de redes y servicios de telecomunicaciones y el registro de TIC)

Decree No. 377 (Decreto No. 377 Por el cual se subroga el título 1 de la parte 2 del libro 2 del Decreto 1078 de 2015, Decreto Único Reglamentario del sector de Tecnologías de la Información y las Comunicaciones, para reglamentar el Registro Único de TIC y se dictan otras disposiciones)
It has been reported that in practice companies that require to be registered in the ICT Registry, which include telecommunication companies and those that manage scarce resources (such as the electric spectrum), need to be incorporated into the country because of the documents needed for the mandatory registration in the ICT Registry (pursuant to Law No. 1,341, Decree No. 4,948, Decree No. 377). These documents include the Tax Identification Number for network and services providers and "Rol Único Tributario" for natural persons (according to Art. 5 and 6 of Decree No. 4,948).
Coverage Telecommunications sector

COLOMBIA

Since April 2014

Pillar Telecom infrastructure and competition  |  Sub-pillar Signature of the WTO Telecom Reference Paper
WTO Telecom Reference Paper
Colombia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector

COLOMBIA

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom sector
The government of Colombia holds 32.5% shares of Colombia Telecomunicaciones SA ESP, which operates under the brand Movistar and focuses mainly on the telephony and mobile connection businesses. In September 2018, the authorities reported that the State was going to sell its stakes in the company but this has not been the case yet. Some public telecommunication companies exist at the local level, for example, ETB (which provides services in Bogotá), EPM (in Medellín), and Metrotel (in Barranquilla).
Coverage Telecommunications sector

COLOMBIA

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Functional/accounting separation for operators with significant market power
Lack of mandatory functional separation for dominant network operators
The country does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation since 2009. According to Arts. 64 and 65 of the Law No. 1,341 Issues principles and concepts on the information society and the organization of Information and Communication Technologies (ICT), creates the National Spectrum Agency [...] (Ley No. 1341 Por la cual se definen principios y conceptos sobre la sociedad de la información y la organización de las Tecnologías de la Información y las Comunicaciones (TIC), se crea la Agencia Nacional de Espectro [...]), the operators must keep separate accounting and would be subject to specific sanctions if they do not comply with the requirement.
Coverage Telecommunications sector

COLOMBIA

Since December 2000
Since January 1996, last amended in July 2012
Since July 2000, last amended in January 2022

Pillar Intellectual Property Rights (IPRs)  |  Sub-pillar Effective protection covering trade secrets
Andean Decision No. 486 Common Regime on Industrial Property (Decisión No. 486 Régimen Común sobre Propiedad industrial)

Law No. 256 By which rules on unfair competition are issued (Ley No. 256 Por la cual se dictan normas sobre competencia desleal)

Criminal Code (Código Penal)
Laws No. 256, Decision No. 486, and the Penal Code provide a framework for the adequate protection of trade secrets. Arts. 260-266 of Decision No. 486 regulate trade secrets, Art. 245 of the same allows requesting preventive measures to stop an alleged infringement, avoid its consequences, obtain or retain evidence, or ensure the effectiveness of the action or compensation for damages. In addition, Art. 16 of Law No. 256 punishes the violation of trade secrets and Art. 308 of the Penal Code defines the violation of trade secrets and establishes a sanction.
Coverage Horizontal