
Mexican Data Protection Authority Fines the FMF for Falling to Comply with Fans’ Data Protection Obligations
July 13, 2026
Mexico’s Secretariat for Anti-Corruption and Good Governance announced that it imposed a fine of MXN $42.8 million (~USD $2.4 million) on the Mexican Football Federation (FMF) for failing to comply with its data protection obligations toward fans.
Specifically, the authority determined that the FMF failed to inform individuals that their biometric data—collected through a selfie photograph—constituted sensitive personal data and failed to obtain the individuals’ express written consent for its processing.
This sanction confirms that Mexico’s new data protection authority is adopting a stricter approach to the processing of biometric data. Organizations that collect and use personal data should ensure full compliance with their obligations as data controllers to minimize the risk of regulatory scrutiny, significant financial penalties, and reputational harm.
The authority’s announcement can be accessed here.
For more information regarding privacy compliance obligations or to discuss the risk related to failure of compliance, please reach out to [email protected].
Copyright © 2026 All rights reserved