How long does Paraguay retain fingerprint, face, and iris data for digital ID users?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Paraguay’s legal and regulatory framework for biometric retention in its digital ID systems remains unclear in available reporting: civil-society analyses and NGO briefings say laws and regulations lack specific limits on collection, storage and retention of fingerprints, facial and iris data (TEDIC; Biometric Update) [1] [2]. Paraguay advanced a Personal Data Protection bill in 2025, but implementation details, including explicit biometric retention periods for digital ID programs, are not specified in current reporting [3] [4].
1. What public sources say — no clear retention periods
NGO investigations and briefings repeatedly flag an absence of detail about how biometric data are stored and for how long. TEDIC’s analysis of Paraguay’s digital ID and electoral-biometric proposals notes that bills and proposals do not indicate how biometric data will be stored or whether there will be restrictions on access, use and retention — meaning no explicit fingerprint, face or iris retention timelines are published in those documents cited by the NGO [5] [1]. Biometric Update summarizes TEDIC’s criticism that digital IDs and mobile driver’s licences are being issued “without adequate regulation,” including limits on biometric collection and deletion processes [2].
2. Legislative progress — a law coming, but timing and rules unresolved
Paraguay made legislative progress on a national personal data protection law in 2024–2025: the Personal Data Protection bill was approved in the Chamber of Deputies in May 2025 and moved through Senate consideration; reporting notes presidential forwarding and momentum toward enactment [3] [4]. Available coverage describes the political timeline and advocacy by civil society but does not provide the statute’s final textual provisions on biometric retention in digital ID systems or implementation regulations [3] [4].
3. Civil-society concerns: necessity, proportionality and safeguards
TEDIC and allied groups emphasize three consistent concerns: states must demonstrate biometric systems are necessary and proportionate; there must be safeguards against unauthorized access and misuse; and there must be processes to correct or delete personal data [1] [2]. Those organizations explicitly call for limits on collection and retention and for transparency and impact assessments; current reporting indicates those safeguards were lacking in existing Paraguayan initiatives [1] [2].
4. What the mainstream or technical press adds — broader context, not specifics
Industry and regional pieces place Paraguay in a regional trend toward digital identity and biometric integration but do not provide country-level retention schedules. Analyses cataloging Latin American digital-ID developments treat Paraguay as an adopter or early implementer of mobile ID apps, without citing statutory retention periods for fingerprints, facial or iris templates [6] [7]. Global surveys of digital ID and passport reforms likewise note the growth of biometric databases but do not list Paraguayan retention rules [8].
5. Conflicting viewpoints and implicit agendas
Sources reflect two competing perspectives. TEDIC and privacy advocates frame biometric retention as a human-rights risk requiring strict limits and strong oversight [1] [5]. By contrast, coverage focused on digital transformation and identity infrastructure emphasizes operational benefits — fraud reduction, service access and travel facilitation — without engaging retention trade-offs [6] [8]. Civil-society actors pushing for rapid adoption may implicitly stress urgency of reform; industry and some government actors implicitly prioritize deployment and interoperability over privacy-first constraints [2] [7].
6. What is still unknown and how to get answers
Available sources do not mention specific legal retention periods for fingerprints, facial or iris data tied to Paraguay’s digital-ID program; they report omissions and the need for implementing regulations [1] [2] [5]. To get definitive answers: review the final text and subordinate regulations of Paraguay’s Personal Data Protection law once published, consult the implementing regulation for the national digital ID or mDL platform, or request formal records from Paraguay’s relevant registries or ministries — none of which are quoted with retention schedules in the documents summarized here [3] [4].
7. Bottom line for citizens and journalists
Current reporting documents an absence of transparent, legally specified retention limits for biometric identifiers in Paraguay’s digital-ID initiatives and highlights civil-society demands for rules on collection, retention, access, correction and deletion [1] [2] [5]. Until the implementing regulations or the final text of the data protection law are published and analyzed, any precise claim about how long fingerprints, facial data or iris templates are retained in Paraguay cannot be substantiated from the cited sources [3] [4].