Skip to main content
NOPE
In Effect Law Data Protection

Costa Rica Law 8968

Law 8968 on the Protection of Individuals with Regard to the Processing of Their Personal Data

Costa Rica's data protection law requiring database registration with PRODHAB and establishing comprehensive data subject rights.

Jurisdiction

Costa Rica

Enacted

Jul 5, 2011

Effective

Jul 5, 2011

Enforcement

Agencia de Protección de Datos de los Habitantes (PRODHAB)

National AI Strategy 2024-2027 complements data protection framework

Nemko Digital AI Regulation Guide

Why It Matters

Costa Rica's mandatory database registration creates compliance step for AI chatbot services processing Costa Rican user data.

Recent Developments

National AI Strategy 2024-2027 establishes AI governance framework complementing data protection

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Who Must Comply

  • Data controllers and processors in Costa Rica
  • Public and private entities maintaining personal databases
  • Cross-border data transfers from Costa Rica

Obligations fall on:

Safety Provisions

  • Database registration with PRODHAB mandatory
  • Right to access, rectification, and deletion
  • Security measures for personal data
  • Cross-border transfer restrictions
  • Habeas Data remedy available

Compliance & Enforcement

Penalties

Fines and sanctions for violations

View on map

Costa Rica

Focus Areas

General regulation

Cite This

APA

Costa Rica. (2011). Law 8968 on the Protection of Individuals with Regard to the Processing of Their Personal Data.

Related Regulations

In Effect CARICOM

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect CL

Chile Cybersecurity Law

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

In Effect PR

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect AR

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

In Effect BR

Brazil ECA Digital

Comprehensive child digital safety law applying to any IT product or service directed at or likely to be accessed by minors in Brazil, with extraterritorial reach.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.