Paraguay advances toward comprehensive data protection framework

By BKM | Berkemeyer

The National Congress of Paraguay recently held a public hearing to discuss the proposed Personal Data Protection Law, a bill that has already received general approval from the Chamber of Deputies. The initiative aims to establish a robust, unified legal framework to safeguard the personal data of individuals and align national legislation with global standards in privacy and data governance.

The hearing served as a platform for input from government authorities and civil society, whose perspectives will inform the bill’s detailed review. The law defines personal data protection as the regulatory system that governs how personal information is collected, processed, and stored—ensuring privacy, data integrity, and protection against unauthorized or accidental breaches.

Currently, Paraguay lacks a dedicated data protection law, relying instead on scattered provisions across various legal sectors. This has resulted in legal uncertainty and limited enforcement capabilities. The proposed bill addresses this gap by introducing key data protection principles such as lawfulness, fairness, transparency, purpose limitation, and accountability.

A central component of the bill is the creation of an independent Personal Data Protection Authority. This body would be empowered to monitor compliance, handle complaints, issue binding decisions, and enforce sanctions.

The legislation also reinforces individual rights, including access, rectification, erasure, opposition, data portability, and protection against automated decision-making. These provisions reflect a growing recognition of the need to protect personal information in an increasingly digital and data-driven world.