From the Right to Be Forgotten to AI Oversight: The Evolution of Habeas Data in Colombia

Colombia’s Constitutional Court has transformed habeas data from protecting privacy to addressing artificial intelligence. Discover what this means for companies, startups, and foreign investors working with data in Colombia.

Why Does Habeas Data Matter for Your Business in Colombia?

Data is now the fuel of the global economy. In Colombia, the constitutional right of habeas data has evolved over the past three decades —from allowing citizens to correct personal information to protecting them against the risks of artificial intelligence. For any company entering the Colombian market —from fintechs and healthcare providers to e-commerce platforms and AI startups— understanding this legal framework is essential for compliance and risk management.

Key Milestones in Colombia’s Data Protection Jurisprudence

1. The Origins: Correction and Access

In the 1990s, Colombia’s Constitutional Court recognized habeas data as a fundamental right. Initially, it guaranteed access and correction of personal data held in public or private databases. Citizens could demand that banks, employers, or registries correct or delete inaccurate information.

2. The Right to Be Forgotten

Later rulings expanded habeas data to include the so-called “right to be forgotten,” particularly in cases involving outdated or harmful credit information. This principle limits how long sensitive data can be used against individuals, balancing economic efficiency with human dignity.

3. The Digital Era and New Risks

With the explosion of big data, social networks, and digital platforms, the Court refined its doctrine. It ruled that companies managing personal data must comply with strict principles of legality, purpose, necessity, and proportionality, in line with Law 1581 of 2012 (Colombia’s Data Protection Law).

4. Artificial Intelligence Under Scrutiny

Most recently, in landmark decisions such as T-323 of 2024, the Court examined the use of artificial intelligence tools (including ChatGPT) by judges and public entities. The Court did not ban AI, but imposed strict conditions:

  • AI can only support human decision-making, never replace it.
  • Authorities and companies must be transparent about when and how AI is used.
  • AI use must be proportional, avoiding interference with core human rights.
  • Risks must be constantly evaluated, especially when fundamental rights are at stake.

This positions Colombia as a regional pioneer in regulating AI through constitutional jurisprudence.

What Does This Mean for Companies and Investors?

If your business handles data in Colombia —whether as a healthcare provider, fintech, AI startup, or multinational expanding into Latin America— you must align with the evolving standards of habeas data. Failure to comply can result in:

  • Regulatory investigations by the Superintendence of Industry and Commerce (SIC).
  • Civil liability for damages caused by misuse of data.
  • Reputational risks if consumer trust is compromised.

FAQs

 Yes. Through Constitutional Court rulings, individuals can request deletion or limitation of outdated or harmful data, especially in credit and digital reputation cases.

 Not without limits. The Court has made clear that AI cannot replace human judgment in decisions that affect fundamental rights. Transparency and accountability are mandatory.

 The core framework is Law 1581 of 2012, complemented by Decree 1377 of 2013, sector-specific rules, and Constitutional Court jurisprudence.

At Nieto Lawyers, we help international companies, startups, and investors comply with Colombia’s strict data and AI regulations.

Whether you are launching a fintech, expanding your e-commerce platform, or developing AI solutions, we ensure your business model is aligned with Colombian constitutional and regulatory standards.

For more information you can contact us habeasdata@nietolawyers.com

Contact us today to secure your project’s compliance and build trust in one of Latin America’s fastest-growing digital markets.

Agendar con Nieto Lawyers WhatsApp

Topics of Interest

Legal News

Our Team

Jaime Nieto Pérez

Founding Partner and Manager

Contact
Jaime Andrés Nieto

Senior Partner

Contact
Estefani Nieto

Senior Partner

Contact
See more
Share:
nieto & nieto lawyers,  GDPR Cookie Compliance
COOKIE NOTICE

NIETO & NIETO LAWYERS S.A.S. PRIVACY NOTICE

Through this document, and in accordance with the provisions of Statutory Law 1581 of 2012, Article 14 of Regulatory Decree 1377 of 2013, and other related regulations, NIETO & NIETO LAWYERS S.A.S., identified with NIT 830.083.908-9, informs its clients, suppliers, employees, associates, and visitors of its web platforms of the existence of the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, which will apply when using the aforementioned web tools, posting comments on the blog, and/or having commercial, civil, and/or labor relations with the company, as well as how to access said policy and the purposes of the personal data processing that is intended.

  1. Personal Data Processing Policies: NIETO & NIETO LAWYERS S.A.S. states that you may consult the personal data processing policy governing the company at any time, which can be viewed at www.nietolawyers.com.
  2. Purpose of Personal Data Processing: In accordance with the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, the collection, processing, storage, treatment, verification, use, circulation, transfer, and/or national and/or international transmission of personal data is carried out for the following purposes:
  • Fulfillment of commercial obligations within the framework of contractual relationships with clients, suppliers, and employees.
  • Identification and contact of NIETO & NIETO LAWYERS clients, suppliers, and employees for contractual and legal purposes.
  • Processing and ensuring the fulfillment and delivery of services acquired by NIETO & NIETO LAWYERS clients, as well as preparing the corresponding billing.
  • Sending advertising about NIETO & NIETO LAWYERS services.
  • Public or private offering of NIETO & NIETO LAWYERS services.
  • Conducting analysis and profiling of clients to define services tailored to their preferences.
  • Communicating the organization of activities and events held by NIETO & NIETO LAWYERS.
  • Organizing the registration of supplier information for the issuance of purchase orders.
  • Communication, consolidation, organization, updating, control, accreditation, assurance, statistics, reporting, maintenance, interaction, and management of the actions, information, and activities related to NIETO & NIETO LAWYERS suppliers and contractors.
  • Administrative and corporate management of NIETO & NIETO LAWYERS.
  • Facilitating the use of interactive website functions, such as commenting on blog posts, within the established privacy rules.
  1. Rights of Personal Data Holders: Without prejudice to the rights recognized by Law 1581 of 2012, Decree 1377 of 2013, and those mentioned in the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, personal data holders whose data is accessed by NIETO & NIETO LAWYERS S.A.S. will have, in particular, the following rights:
  • Access the provided data that has been processed, free of charge.
  • Know, update, and rectify their information when faced with partial, inaccurate, incomplete, outdated, fragmented, misleading, or unauthorized data processing.
  • Request proof of the granted authorization.
  • Submit complaints to the Personal Data Protection Delegation of the Superintendence of Industry and Commerce (SIC) for violations of current regulations.
  • Revoke the authorization at any time and/or request the deletion of the data, provided there is no legal or contractual duty preventing its deletion.
  • Refrain from responding to questions about sensitive data. NIETO & NIETO LAWYERS S.A.S. informs that responses regarding minors and sensitive data, such as racial or ethnic origin, gender, sexual or political orientation, religious beliefs, membership in unions, associations, or social organizations authorized by law, among others, will be optional.
  1. Use of Cookies and Other Tracking Technologies: NIETO & NIETO LAWYERS S.A.S. informs users that, upon visiting its website, information will be collected through cookies and other tracking technologies. These are used to enhance the browsing experience, analyze user behavior on the website, and facilitate interaction on the platform, such as commenting on the blog.

    Users will have the option to configure their browser to accept or reject cookies, as well as to delete previously stored cookies. At any time, they can manage their cookie preferences, allowing them to choose which cookies to accept and which to reject, ensuring transparent and controlled data handling.