Superintendencia de Industria y Comercio

Top bar

logo presidencia

Logo SIC y Gobierno de Colombia

Se encuentra usted aquí

Tramites y servicios menu secundario

Colombia’s Data Protection Authority (DPA), ratifies duty of Facebook Colombia to strengthen security measures to better protect personal data of more than 31 million colombian citizens

•    Facebook Colombia S.A.S has until June 14 to implement and certify useful and effective new security measures to prevent unauthorized or fraudulent use of personal data

•    The security improvements, which have a preventive nature, will help protect the 31 million Colombians who have Facebook accounts.

Bogotá. February 17, 2020. The Superintendence of Industry and Commerce, Colombia’s Data Protection Authority (DPA), resolved the appeal field by Facebook Colombia S.A.S against the Resolution 1321 of January 24th, 2019 that gave the order to adopt new measures and improve existing ones to guarantee the security of the personal data of more than 31 million of Colombian users of said social network.

Resolution 4885 of February 13th, 2020 confirmed the order issued, where, among others was concluded:

  • Facebook Colombia S.A.S. carries out an activity that involves the Processing of Personal Data. To provide its advertising services, it uses the data of Facebook Inc. users. Without this information, the Colombian company would not be able to provide its services. In other words, the business model of Facebook Colombia S.A.S. is based on the information processed by Facebook Inc. 
  • Facebook Colombia S.A.S. is also responsible for the Processing of Personal Data that is made by the platform regarding Colombian users, considering the legal and economic relations with the Facebook Group, and their participation in the Processing of that Data.
  • Facebook has a relevant position in the cybersecurity of the world because of the quantity and quality of information that it handles. That is why it has the duty to be more than diligent in the Processing of Data, in order to guarantee the protection of people and their privacy. Therefore, the company should not save efforts to improve the level of security required by the regulation for all users of that digital social network.

In compliance with the constitutional mandate established by article 15 of the Colombian Constitution, that stablishes "In the collection, processing and circulation of data, freedom and other guarantees enshrined in the Constitution shall be respected, and with the supreme provision regulated by Statutory Law 1581 of 2012, which requires that personal data be processed with “the technical, human and administrative measures that are necessary to guarantee the security to the records avoiding their adulteration, loss, consultation, use or access unauthorized or fraudulent”, the company Facebook Colombia S.A.S has until June 14, 2020 to implement useful and effective security measures to avoid: 


  • Unauthorized or fraudulent access.
  • Unauthorized or fraudulent use.
  • Unauthorized or fraudulent consultation. 
  • Unauthorized or fraudulent adulteration. 
  • Unauthorized or fraudulent loss. 


In addition, Facebook Colombia S.A.S. must certify to the Superintendence of Industry and Commerce that it has made security improvements through an external audit firm.