Mexico City, January 28 2025.
On December 24, 2024, the United Nations (UN) General Assembly adopted the first international convention on cybercrime, the “United Nations Convention against Cybercrime” hereinafter “the Convention.” Initially proposed in 2019, the Convention has been the subject of extensive debate. Another treaty addressing cybercrime is the 2001 Council of Europe “Budapest Convention”, which Mexico has been invited to become a member but has neither signed nor taken the necessary steps.
The purpose of the Convention is to create an international legal framework for the prosecution of crimes related to or that use information and communications technologies. The Convention establishes that certain behaviors may be classified as crimes, such as illegal interception of communications, improper use of devices and crimes related to child pornography, among others. It also provides for international collaboration mechanisms, such as the exchange of information between member countries. Additionally, the Convention proposes the implementation of a 24/7 point of contact between member countries to provide immediate legal assistance and facilitate the collection and preservation of electronic evidence.
The Convention has faced strong opposition from the private sector, non-governmental organizations, and academics. Critics argue that it allows for unrestricted surveillance, as it does not mandate express judicial authorization for such activities. Furthermore, it has been discussed that the Convention could allow surveillance tools to be used under the premise of investigating “serious crimes.” This broad definition raises concerns about potential misuse against vulnerable populations.
In Mexico, various cybersecurity bills have been proposed, ranging from the introduction of a federal law to the incorporation of cybercrime-related offenses into the Federal Criminal Code. However, none of these initiatives have been successful to date.
It is crucial that any bill on this matter considers the protection of personal data, ensuring a balance between safeguarding this fundamental right and addressing national security concerns.
The UN Convention will be open for signature by UN member countries at an event scheduled to take place in Vietnam in 2025. It will enter into force 90 days after the 40th signatory country has signed the treaty.
Our firm’s Information Technology and Data Protection practice area remains available to assist you.
Sincerely,
Adolfo Athié Cervantes
Renata Denisse Buerón Valenzuela
Erika Itzel Rodríguez Kushelevich
Ivan García Argueta
