Creating Technology for Social Change

Youth-friendly data protection in Mexico: Articulo 12, A.C.

How do youth allies promote young people’s critical thinking on privacy, in informal learning contexts in the Americas? This blog post is part of a series showcasing the work of different organizations at the intersection of youth development, digital rights, and online safety.

Quick facts

Who: Cédric Laurant from Artículo 12, A.C.

What: Litigation, advocacy, materials for youth

Mission/vision: To defend Mexican users’ privacy on and offline through litigation

Where: Mexico

Since: 2013 (but the team had worked together in different spaces since 2011)

Years of operation (as of January 2018): 5

Works in the field of: Data protection, privacy

Post summary: Artículo 12’s data protection program called “Son Tus Datos” carries out litigation and advocacy to close the gap between data protection legislation and practice in Mexico, which places them in the ecosystem of digital rights organizations in the country – and they use their platform to address the implications for youth rights.

Highlight quote from the interview: “Even on websites and sites that are cleary intended for youth, the [privacy] language is like that of lawyers communicating to adults”

More resources: Son Tus Datos’ institutional website; and Defensores Digitales, their website for youth

Interview with Cédric Laurant, Artículo 12, A.C.

Cédric Laurant is a data lawyer and researcher who had worked in Europe, the United States, Peru and Colombia before he moved to Mexico. There, he started Artículo 12 and its data protection program “Son Tus Datos”. Artículo 12 is an organization that defends users’ privacy on and offline through legal processes. At the time, data protection was not included in the portfolio of the more established non-profit organizations working on transparency, freedom of expression or journalist protection.
Artículo 12 is best known for Filtraciones Digitales, a website where corporate workers can whistleblow data breaches that otherwise go unreported. The goal of their work is to have enterprises notify victims when their data is breached. In 2016, they found that a wide spectrum of companies in 7 industrial sectors were not at all prepared to notify their data breaches to their clients, customers or users affected. “It’s not just about disseminating information on human rights, but actively protecting rights through legal processes. We want to use existing law, interpreting it in a way it has not been interpreted before, to flag companies that do not comply with the law, and if required, denounce them.”
Their work in corporate litigation shows that, like some of the other organizations featured in this blog post series, Artículo 12 does not self-identify as a “youth rights” organization, nor does it work primarily with youth. However, they are one of the digital rights organizations in Mexico with projects that address younger audiences.
One of these projects was the translation of European Digital Rights’ (EDRi) “Digital Defenders” materials into a book and the adaptation of its characters into two web games intended to teach digital security to 9-14 year-olds. “EDRi’s guide is interesting: it addresses the topic from the heroes perspective, with a narrative adapted to discuss privacy, while engaging youth. They presented heroes that, instead of broadly protecting society, protect your privacy. They also presented evil characters. Someone protects your passwords, and there is an enterprise trying to steal your information”.


Help the Queen of Passwords choose a secure password – one of the games on


Artículo 12 seizes the opportunities provided by privacy controversies to advocate for the rights of youth. When a leak on Australian media showed that Facebook had been working with advertisers to target over six million psychologically vulnerable teenagers, they wrote a letter to the Facebook office in Mexico and the National Institute for Access to Information and Protection of Personal Data to find out if a similar experiment had been carried out in the country. They also joined organizations led by the Center for Digital Democracy in the United States in writing a letter to Mark Zuckerberg.
Why is an organization like Artículo 12 interested in youth at all? “There is a whole discourse that says that kids don’t worry about anything; however, when we take a closer look, youth are generally more familiar with digital tools than adults sometimes. They know better than their parents how to manage privacy on their Facebook accounts and mobile phones. They have developed ways to avoid family or corporate monitoring. Danah boyd has written about the ways youth protect their privacy. So we need to teach them and give them more ways to protect themselves. Help themunderstand how their personal data can be abused.”
“Age-appropriate language would help youth not feel powerless before a privacy notice. Sometimes, youth don’t know what to do, how to complain about what’s happening. Even on websites and sites that are cleary intended for youth, the [privacy] language is like that of lawyers communicating to adults”. Cédric thinks this understanding on the side of youth users is necessary to close the gap between data protection legislation and corporate actions. When users know their rights are violated, they can seek out organizations that will help them challenge corporate practices.
One of these organizations is None of Your Business, a new European Union-based non-profit organization that defends the right to privacy through collective actions against enterprises. Their work is essential in the face of the impending General Data Protection Regulation which will be enforced in the European Union later this year. Cédric mentions them as an organization that inspires the work of Son Tus Datos; however, their work style cannot yet be replicated in Mexico, where class action lawsuits have not been exercised.
Regardless of the limitations of doing privacy work in the Mexican context, the work carried out by Artículo 12 shows a productive way out of the tension between digital rights advocacy and youth rights at large. “The reason why not many organizations want to work on youth issues is that many stakeholders use data protection of minors as a way to limit the freedoms of adults by enabling surveillance practices. For example, in the US there have been legislative attempts to ‘protect kids from pornographic sites’ by asking people to send a copy of their ID to use them. They wanted to protect kids but ended up reducing privacy”. Through their work, Cédric and his team give a different take on the defense of digital rights that does not ignore youth needs.

You can read more on Artículo 12’s data protection program at; and on Defensores Digitales, their website for youth.