With Resolution No. 263/2023 (“Resolution“), published on 17 March in the Official Gazette, the National Communications Entity (Ente Nacional de Comunicaciones (ENACOM)) approved a new Regulation for the Collection of Personal Data and Identity Validation of Users of Mobile Services that Hold a Mobile Number (“Regulation,” “Users” and “Services” respectively).
Providers of the Services (“Providers“) are granted 60 days to adapt their nomination and validation systems to the terms of the Regulation.
The Regulation aims to address the growing number of crimes that are being committed recently (e.g., SIM cloning or SIM swapping).
The Regulation requires Providers to adjust their existing protocols for the registration of new mobile numbers and for changes of certain conditions in which the Services are provided. This means implementing new guidelines for the collection of personal data and identity validation of Users to mitigate risks of fraud and impersonation. The Resolution sees biometric data as a suitable instrument to prevent digital crimes, if Users have mobile terminals with adequate technology.
Among the provisions of the Regulation, we highlight the following:
- To validate the identity of a User, the Provider must request certain personal data, such as name and surname, ID number, ID procedural number and date of issuance or, in the case of nonresident foreign citizens, the passport and/or any valid travel document.
- To implement “critical or sensitive” commercial or technical amendments to a mobile number (e.g., issuance of a new SIM card), the Provider must revalidate the User’s identity using biometric data life proof techniques. If facial images are used, these must be captured in accordance with certain guidelines. If this is not possible, multistep or multifactor identity validation mechanisms should be applied.
- To change the holder of a mobile number, Providers must, additionally, collect the personal data and validate the identity of the new applicant for registration purposes. If the applicant’s identity cannot be validated, the mobile number in question must be blocked.
- Breaches to the Regulation will be subject to the sanctions established in the respective licenses, Law No. 27,078, and RESOL-2021-221-APNENACOM#JGM.