Are there technical or legal mechanisms for citizens to request deletion or correction of their biometric data in Paraguay?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Paraguay has been moving from a patchwork of sectoral rules toward a comprehensive personal data protection framework that, according to multiple reports, will include rights such as access, rectification, deletion and portability and create a supervisory agency — meaning legal routes to request correction or deletion of biometric data are being created [1] [2]. Before that law’s full implementation there are gaps: civil-society groups and reporting say existing digital ID and biometric programs lack adequate regulation, and processes to correct or delete biometric data are often absent in practice [3] [4].
1. New national law promises explicit deletion/rectification rights — but timing matters
Recent coverage and legal summaries state that Paraguay’s first comprehensive personal data protection law (the “Personal Data Protection” bill/Law 7593/2025 in later reporting) establishes rights including access, rectification, deletion and portability and creates a national data protection agency to supervise complaints and compliance [1] [2]. Multiple legal guides and commentators in 2025 anticipated or recorded legislative approval steps that would bring those rights into law, though implementation periods and final regulatory detail remain in flux [5] [6].
2. Civil-society reports say operational deletion mechanisms are weak today
Independent watchdogs have documented that Paraguay’s existing digital ID systems and e-government platforms do not yet provide clear procedures to correct or delete biometric data and that privacy policies remain outdated or refer to repealed laws, leaving citizens without reliable, practical channels to seek erasure or rectification [3] [4]. TEDIC and other groups explicitly demand limitations on biometric collection and processes for correction/deletion as part of necessary regulation [3] [7].
3. Sectoral laws, special rules and events complicate the picture
Beyond a proposed general law, Paraguay has enacted sector-specific measures that affect biometric collection — for example, Law 7269/2024 that mandates biometric collection (facial recognition) for sporting-event attendees — which critics say lacks safeguards and could be inconsistent with later data-protection principles unless revised [8] [7]. This dual reality means that even where a general deletion right is later codified, its interaction with sectoral mandates needs clarification [8] [7].
4. Enforcement architecture is promised but not yet entrenched
Coverage indicates the new national law would create the Agencia Nacional de Protección de Datos Personales under MITIC to supervise compliance, attend complaints and guide handling practices — that agency would be the likely administrative route for citizens seeking correction or deletion once it is operational [1]. However, reporting also notes parliamentary and executive steps remained ongoing in 2025 and that the law’s implementation timeline (and powers/regulatory rules) would determine how effective any remedy would be [2] [6].
5. Practical remedies available to citizens today: limited and fragmented
Current reporting and NGO analyses show that, until comprehensive rules and agency procedures are active, citizens rely on a mix of constitutional remedies, sectoral administrative processes and ad hoc engagement with institutions; those avenues are uneven and may not cover biometric profiling or mass surveillance uses [7] [3]. AccessNow and TEDIC have both argued that, before the general law, Paraguay lacked a robust, consistent mechanism to protect personal data or to demand deletion [9] [3].
6. What to watch next — legislation, agency rules and the carve-outs
The decisive factors for real-world deletion/correction rights will be (a) whether the final law as approved keeps explicit deletion/rectification clauses and establishes a strong agency with complaint powers [1] [2], (b) the implementing regulations that define procedures and timelines for data subjects, and (c) whether sectoral laws (for example on sporting events or immigration) include carve-outs or special retention rules that limit erasure [8] [10]. Coverage in 2025 shows momentum for the general law, but also identifies unresolved gaps [5] [11].
Limitations and competing perspectives
Available sources agree that a new comprehensive law is imminent or approved in stages and would contain deletion/rectification rights [1] [2], while civil-society sources and sectoral reporting warn that current platforms and laws still lack practical deletion channels and adequate safeguards [3] [4]. Sources do not provide the final text of implementing regulations or a step‑by‑step citizen complaint procedure; available sources do not mention the exact administrative forms, deadlines or online portals citizens will use once the law comes into force [1] [2].