TMT 2025

COLOMBIA Law and Practice Contributed by: Maria Carolina Pardo, Ciro Meza, Angélica Navarro and Carlos Ignacio Arboleda, Baker McKenzie

tion. In the TMT sector, four particular problems are frequently seen in relation to consumers: • delays in the process of changing TMT opera - tors; • unauthorised charges by TMT operators for additional services (eg, cloud services, sub - scriptions to streaming platforms); • unauthorised advertising calls/messages or calls at times that are not allowed by the regulation; and • unauthorised transfer of consumers’ personal data for advertising purposes. Internal mechanisms aimed at preventing these problems may help mitigate TMT consumer risks in Colombia. 1.5 The Role of Blockchain in the Digital Economy In Colombia, the legal framework does not encompass specific provisions regarding the purchase and sale of crypto-assets and has not yet altered the regulatory outlook for the TMT sector. This regulatory gap permits the trading of crypto-assets via various digital platforms with minimal complications. As a result, the TMT sec - tor can utilise cryptocurrencies for transactions, investments and innovative business models with relative ease. Nevertheless, certain regulatory measures exist. Companies under the supervision of the Super - intendence of Companies that accept or conduct transactions involving crypto-assets are subject to enhanced scrutiny. This oversight ensures adherence to anti-money laundering (AML) and combating the financing of terrorism (CFT) reg - ulations. The lack of specific regulations offers a flexible environment for the TMT sector to explore and integrate cryptocurrency technolo - gies, potentially fostering increased innovation

and the adoption of blockchain solutions within the industry. However, it also necessitates that companies navigate the broader regulatory land - scape, including tax obligations and AML/CFT requirements, to maintain legal compliance. 2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection In Colombia, the regulatory privacy framework for cloud and edge computing aligns with the General Data Protection Law (Law 1581 of 2012), which establishes the primary principles and obligations for entities handling personal data, including cloud service providers. Additionally, Decree 1377 of 2013 governs the handling of personal data, requiring companies to obtain explicit consent from individuals before collect - ing, storing or utilising their personal data. These regulations collectively form the core regulatory body overseeing all personal data processing within Colombian territory. It is important to note that in Colombia, “pro - cessing” encompasses the use, collection, transfer, deletion and storage of personal data, as broadly interpreted by the SIC. Consequently, methods such as using cookies or data scrap - ing on devices in Colombia are deemed as pro - cessing, thereby invoking all relevant obligations for the controller, even if no further processing occurs locally or by a local entity. Foreign tech - nology companies with minimal or no local pres - ence have been subject to administrative orders to comply with local laws (eg, modifying privacy policies, registering databases, providing a local point of contact for data subjects), although no sanctions have yet been imposed for non-com - pliance by foreign parties.

CHAMBERS.COM