Six years ago, TEDIC officially launched the Antipyrawebs Observatory, a platform built with free and open-source software, designed as a repository of news and information on digital rights. Since then, the site has become a key resource for tracking crucial issues in the digital sphere, consolidating a database of 1,764 articles organized into 14 distinct categories.
2024 marked a significant milestone for the Observatory: 398 articles were mapped, doubling the 195 recorded in 2023 and representing a growth of 104%. This increase reflects the rising interest in and relevance of discussions on technology and rights within Paraguay’s digital landscape.
One of the most prominent sections of the year was innovation, which accounted for 20% of the content, with 67 articles. Within this section, the debate around Artificial Intelligence emerged as the central theme of 2024. The personal data category also played a key role, with 58 articles (17.31%), driven by the legislative debate on the personal data protection bill, which has already passed the Chamber of Deputies. Other relevant categories included privacy, with 37 articles (11.04%); freedom of expression, with 33 articles (9.85%); and cybersecurity, with 28 articles (8.36%), mostly related to data breaches and cyberattacks targeting public institutions and companies.
The remaining content was distributed among regulation (8.36%), connectivity (6.57%), democracy (5.67%), gender (5.7%), electronic voting (3.58%), other (2.99%), education (0.90%), and copyright (0.30%). This data reflects not only the growth of the Observatory but also the evolution and complexity of the digital issues facing society today. At TEDIC, we reaffirm our commitment to continue monitoring, informing, and fostering open debates on technology, rights and democracy.
2024: A Year Marked by the Anti-NGO Law in Paraguay – Alarming Setbacks for Democracy
2024 will be remembered as a critical year for Paraguayan democracy. Law No. 7363/24 on the Transparency of Non-Profit Organizations, commonly known as the Anti-NGO Law, has raised serious concerns among both civil society and the international community. Under the guise of promoting transparency, this law introduces a vague and ambiguous legal framework that enables excessive control over non-governmental organizations (NGOs), threatening freedom of association and undermining key pillars of democracy.
At TEDIC, we firmly express our concern regarding the approval of this law. We believe it represents a direct violation of the right to freedom of association and poses a serious threat to the autonomy of civil society organizations, particularly in relation to their funding and their ability to operate independently to defend and promote human rights. Amid the debates surrounding this law, TEDIC was subjected to baseless attacks by Senator Lizzarella Valiente, who made irresponsible accusations that spread disinformation about our work. During her public intervention, the senator misrepresented our work of over a decade at both the national and international levels, taking our activities and funding sources on key digital rights issues out of context.
A minister from the Superior Court of Electoral Justice (TSJE) also publicly expressed concern about the alleged lack of transparency in civil society organizations, suggesting that entities such as TEDIC should adjust to the new controls imposed by the law. In response to these statements, TEDIC categorically denied having entered into any agreements with the TSJE and rejected the claims as unfounded, expressing concern over the spread of misinformation in an already hostile environment for NGOs.
The law, enacted by President Santiago Peña in November 2024, imposes disproportionate registration and reporting requirements that threaten to stifle NGOs and restrict their scope of action. Although implementing regulations have yet to be issued, its mere existence already poses a direct threat to the work of those defending human rights and strengthening democracy in Paraguay.
In this concerning scenario, TEDIC reaffirms its commitment to the defense of human rights, genuine transparency and resistance against regulations that seek to undermine the country’s democratic fabric. We will continue working alongside other organizations to expose and denounce these threats, and to demand a legal environment that respects and guarantees our freedoms.
Artificial Intelligence in Paraguay: Advances, risks, and the urgency of a human rights approach
The year 2024 solidified a growing global trend: the accelerated incorporation of artificial intelligence (AI) into various areas of public and private life. Paraguay was no exception. Although still in an initial phase, the deployment of AI-based tools in the public sector is already generating significant impacts and, with them, new concerns regarding digital rights.
Within the framework of the Global Index on Responsible Artificial Intelligence, an international initiative that analyzes and compares AI regulation across countries, TEDIC was responsible for the analysis corresponding to Paraguay. The country ranked 84th out of 138, with a score of just 6.33 out of 100, highlighting significant regulatory gaps. In the Latin American context, Paraguay ranked 14th out of 19 countries analyzed in the region by the Latin American Artificial Intelligence Index. One of the main challenges identified is the absence of a personal data protection law, which limits the development of ethical, human-centered artificial intelligence. At TEDIC, we stress the urgency of building AI governance that promotes well-being and fundamental rights.
Regarding the use of artificial intelligence by the Paraguayan State, one of the most notable cases was the EmpleaPY platform, designed to facilitate access to job opportunities through automated processes. It was developed by the Ministry of Labor, Employment and Social Security (MTESS), with support from the Inter-American Development Bank (IDB). By February 2024, the platform had facilitated over 14,200 labor intermediation processes through automated means. Together with the organization Derechos Digitales, TEDIC investigated the platform’s operation and raised concerns about serious privacy shortcomings. The study found that its implementation lacked a prior data protection impact assessment, in a national context that still does not have specific legislation on the matter. The research also examined the platform’s operation within the broader process of digitalization of the Paraguayan State and warned about the use of automated decision-making systems in the labor field, without transparency on algorithmic criteria or safeguards for users.
Other institutions also made progress in incorporating artificial intelligence. The Public Prosecutor’s Office launched the Technical Assistance System (SAT), a platform that supports the work of prosecutors and officials through legal consultation tools and specialized resources in criminal and human rights law. While this type of technology can streamline processes, it also requires oversight to prevent errors or misuse. Meanwhile, the Ministry of Public Defense is developing AuroraLex, a tool designed to assist public defenders in areas such as child protection, civil and criminal law. The system integrates legislation and case law and is trained to generate automated legal analyses. To ensure its proper use, users are being trained on how to navigate the platform, analyze legal documents and draft legal texts effectively.
In July 2024, Paraguay took an important step by inaugurating its first public technology innovation laboratory, the TechLab, driven by MITIC with support from the IDB. This space is envisioned as a strategic center for the development of use cases, research and workshops aimed at promoting digital transformation from a regional perspective. It is the IDB’s third laboratory in Latin America, following those in Washington, D.C. (2017) and Panama (2022).
In October 2024, MITIC participated in the Second Ministerial and High Authorities Summit on the Ethics of Artificial Intelligence, held in Uruguay. The event brought together government representatives from Latin America and the Caribbean with the goal of strengthening regional cooperation and promoting policies aligned with the UNESCO Recommendation on the Ethics of Artificial Intelligence. Key topics discussed during the summit included AI governance, public-private collaboration and the application of AI to areas such as climate change.
In the same month, Paraguay took another step towards the ethical and responsible development of artificial intelligence by joining UNESCO’s global initiative to assess its readiness in this field. In collaboration with UNESCO, MITIC, and the National Council of Science and Technology (CONACYT), the goal is to implement the AI Readiness Assessment Methodology (RAM) in Paraguay, which has already been applied in over 50 countries. This effort is significant, as it reflects the government’s interest in promoting the responsible development and use of artificial intelligence in the country. However, it is essential that the process includes a human rights-based approach, transparency and citizen participation, ensuring that technological policies respond to societal needs and do not compromise privacy or individual freedoms. As part of the process, citizens were invited to actively participate by commenting on the draft RAM document through November 2024. In 2025, the process is in its final stage, with publication expected from UNESCO and the Paraguayan government.
Furthermore, in November 2024, the First Annual Meeting of the Paraguayan Society of Artificial Intelligence (SoPaIA) took place. The event brought together experts, academics, entrepreneurs and representatives from the public and international sectors. Discussions focused on the use of artificial intelligence in education, health, agriculture and public policy, highlighting the need to promote the ethical and sustainable development of these technologies
These advancements demonstrate a growing interest in incorporating artificial intelligence into state institutions. At the same time, they reveal an urgent need to articulate actions and plans through a multi-stakeholder approach that guides the development and implementation of artificial intelligence in Paraguay, respecting human rights, ensuring transparency, protecting privacy and promoting social inclusion in the digital age.
Technology-Facilitated Gender-Based Violence is everywhere: a look at the 2024 media coverage
Technology-facilitated gender-based violence remains a serious concern in Paraguay, with several cases illustrating how digital tools can be used to exert control and perpetrate violence against women. In 2024, media outlets reported on various incidents that brought this issue to light.
IIn March 2024, women drivers from the ride-hailing app Bolt organized a collective operation in Villa Elisa to capture a serial rapist who posed as a passenger and had been identified through security camera footage from platform vehicles. The attacker used fake profiles on the app, deliberately selecting the “woman” option to be matched with female drivers, and then assaulted them in isolated areas at knifepoint. Despite multiple reports, authorities failed to take effective action, prompting the workers to take matters into their own hands. Led by Leticia Vargas, president of the Kuña Pope App-Based Drivers Association, the women tracked the perpetrator for over 20 days until they managed to capture him. This case underscores the precariousness of digital safety in the platform economy and how the absence of institutional response forces workers to take personal risks to protect themselves.
In July 2024, the Journalists’ Union of Paraguay expressed deep concern over the rejection of the provisional dismissal of journalist Mabel Portillo, from the GuairáPress news outlet. Portillo is facing a lawsuit brought by the mayor of Yataity, Gloria Duarte, in the department of Guairá, and the case could escalate to a public trial. Further aggravating the situation is the decision by the Jury for the Impeachment of Magistrates to archive the records of the judges reported by Portillo herself. This case reflects a troubling trend of using the judicial system to silence journalists. It also puts at risk freedom of expression, a cornerstone of any democracy. The outcome of Portillo’s case will be critical, not only for her as a journalist, but also as a precedent in the broader fight for press freedom and the public’s right to information. Additionally, the growing misuse of the Comprehensive Law for the Protection of Women as a tool to silence criticism and impose censorship is alarming, as it distorts the law’s true purpose: to protect women from real situations of violence.
During the same month, Olympic swimmer Luana Alonso announced she was stepping away from social media due to fear caused by online threats and attacks. The situation worsened after her participation in the Paris 2024 Olympic Games, when unfounded rumors about her behavior in the Olympic Village surfaced, increasing her exposure in both digital and traditional media.
In December 2024, it was discovered that a family in San Lorenzo was being spied on through their closed-circuit television, with the footage exposed online as part of a so-called “reality show.” The technician who had installed the equipment was arrested but later released by order of the prosecutor. These precedents underscore the urgent need to recognize and address online gender-based violence. These are not isolated incidents, but manifestations of technology-facilitated gender-based violence that takes many forms: harassment, surveillance, threats, information manipulation and even the misuse of laws designed to protect women. Media coverage throughout 2024 clearly revealed how digital security gaps, weak implementation of legal frameworks and fragile institutional responses place women in situations of extreme vulnerability. Public institutions must not only acknowledge this issue but take an active role in its prevention and response, through specific public policies, judicial processes with a gender perspective, awareness campaigns and the implementation of Law 5777 to ensure justice and protection in digital spaces. Online gender-based violence is real, and only decisive action from the State can build a safer and more equitable environment for all.
Personal data protection in Paraguay: A bill that cannot wait
In an increasingly digitalized world, where our personal data flows through borderless applications, platforms and systems, clear and robust legislation is no longer optional, it is urgent. In Paraguay, this urgency takes the form of a bill that aims to address a longstanding legal gap and establish clear rules for the collection, use and protection of personal data.
The lack of a comprehensive personal data protection law in Paraguay has raised concerns across various sectors of society. A clear example is the involvement of organizations such as the Asunción Metropolitan Area Passengers Organization (OPAMA) and the National Federation of Secondary Students (FENAES), which joined the “My Data, My Rights” campaign led by TEDIC to raise their concerns about personal data. Featuring content in Guaraní and a strategy designed to reach diverse audiences, the campaign aimed to highlight the urgent need for legislation to safeguard the personal data of students, public transport users and the general public. This collective action brought a clear demand to the table: our data deserves protection.
The Personal Data Protection Bill, in addition to defining rights and obligations for all involved parties, proposes the creation of a specialized agency responsible for overseeing and enforcing the regulations. However, the legislative path has not been easy. In July 2024, a new version of the bill was presented, the result of a broad collaborative process involving the Science and Technology Commission of the Chamber of Deputies, MITIC, the Presidency of the Republic, and the Personal Data Coalition, in which TEDIC actively participates. While references were drawn from international legislation, the project’s approach is adapted to the Paraguayan reality, aiming to balance individual rights with institutional needs. Although positive expectations were raised in July 2024 about possible progress in Congress, the subsequent months revealed a more complicated reality. The bill was attempted to be discussed on three occasions: August 7, September 3, and finally, September 24, a session marked by the real risk of indefinite postponement. The Colorado Party majority requested the indefinite postponement, which would have meant shelving the project with no return date. However, thanks to the firmness of the opposition and the accumulated technical support, the discussion was successfully maintained on the legislative agenda.
In December 2024, the Chamber of Deputies approved the bill in general, albeit with last-minute modifications proposed by the Executive Branch. The detailed article-by-article study was left pending and postponed to 2025.
We reiterate our commitment to continue dialogue with all involved stakeholders so that the bill receives the treatment it deserves. Paraguay deserves modern legislation that protects the digital rights of all individuals and contributes to building a safer and more transparent environment. Data protection is not a luxury: it is a fundamental right. And it is time for our legislation to reflect this.
Constant hacks on state institutions and the private sector: our personal data exposed without legal protection.
The absence of a comprehensive personal data protection law in Paraguay has given rise to a series of concerning situations that reveal just how exposed citizens are to the misuse of their information. Without a legal framework to regulate the access, handling and safeguarding of personal data, both public institutions and private actors operate in an environment where our data remains unprotected.
In March 2024, several cases drew attention. The Social Security Institute (IPS) temporarily suspended the proof of life check for retirees, evaluating the possibility of using databases from other state entities to verify the status of beneficiaries. While the measure aims to optimize resources, it raises concerns about the security and privacy of retirees’ personal data.
On the other hand, in the same month, a judge ordered the extraction of email data from Carlos Arregui and former SEPRELAD officials, as part of a complaint filed by former president Horacio Cartes. The lack of clear protocols for accessing digital information in judicial contexts leaves wide room for potential abuse or leaks of sensitive data. Also in March, it came to light that citizens’ tax data was being auctioned on the deep web, highlighting the risks of operating without clear regulations.
In September, the Journalists’ Union of Paraguay (SPP) condemned the leak of confidential information about journalists by sectors linked to the ruling party, in an apparent attempt to intimidate or discredit their investigations. The information was reportedly obtained from the Commission of Inquiry into Money Laundering, and its misuse represents a direct threat to press freedom and the country’s democratic principles.
Tenders and techonology implementations without a personal data protection law
In April, then-Minister of Justice Ángel Barchini was linked to allegations of irregularities in the tender process for electronic ankle monitors. The controversy surrounding the process was so intense that control of the monitoring system was transferred to the Ministry of the Interior.. This case highlights another critical dimension: the use of surveillance technologies without adequate regulation can facilitate abuses in sensitive contexts such as the criminal justice system.
In August, a new point of conflict emerged: the mandatory implementation of Electronic Identity for submitting public information access requests. The measure was widely questioned by journalists and organizations like the SPP, who warned of the risks of surveillance, identity theft and potential retaliation against those exercising their right to access information. In addition to hindering the exercise of a right, it forces people to hand over personal data without clear guarantees of protection.
In the area of migration, the National Directorate of Migration has advanced the digitalization of procedures with tools such as pre-migration registration and the use of e-Gates at airports. While presented as innovations, these technologies also involve the collection of large volumes of personal data, without a legal framework that sets limits or establishes control mechanisms for their use.
All these episodes, scattered across sectors as diverse as health, justice, journalism, migration and public administration, share a common denominator: the absence of a personal data protection law to safeguard citizens. The urgency of this legislation is not a technical or distant issue, but a basic necessity to guarantee fundamental rights in the digital age. Without a law, there is no safeguard.
Facial recognition: Security or mass surveillance in Paraguay?
In recent years, Paraguay has increased the use of surveillance cameras in public spaces. What began as a strategy to improve security, today raises serious concerns about human rights such as privacy, freedom of expression and the presumption of innocence.
In March 2024, the Senate passed with amendments the bill “On the Prevention, Control, and Eradication of Violence in Sports,” which includes the use of facial recognition in sports stadiums. Just three months later, in June, Law 7269/2024 was enacted, incorporating among its most controversial measures the use of facial recognition in stadiums. From that moment on, the collection of biometric data from all attendees has been authorized, without distinguishing between individuals involved in violent acts and those simply attending to enjoy the sport. This law, passed in less than a year and without sufficient legislative debate, reflects a lack of consultation with affected individuals, digital rights experts and civil society organizations. At TEDIC, we express deep concern over a law that enables and promotes the mass collection of biometric data, classified as sensitive data, without establishing clear criteria. This is particularly alarming in a country that lacks a comprehensive personal data protection law and has recently implemented mass biometric surveillance technologies without transparency, accountability or a proper human rights perspective.
Paraguay has already implemented biometric surveillance technologies without transparency or accountability. For this reason, TEDIC promotes strategic litigation to demand greater transparency in the State’s use of these tools. The lawsuit, initiated in 2019, received a partially favorable ruling in 2024 from the Supreme Court of Justice. This decision represents a significant victory for human rights and access to information.
Although the ruling did not directly resolve the core issue – that is, it did not rule on the existence or lack of transparency in the use of facial recognition – the resolution does point to an important aspect: the lower courts misapplied the law, which resulted in an arbitrary ruling. This is crucial, as the Constitutional Chamber of the Court upheld the validity of a procedural rule that establishes the proper procedure for amparo (a legal action for the protection of constitutional rights) concerning access to information. This represents a positive step forward in the defense of transparency and the right to information. The Court’s resolution opens a new opportunity for the Court of Appeals to issue a favorable decision, correctly applying the law and relevant human rights standards on access to public information, privacy protection and transparency in the use of biometric technologies.
Privacy unprotected in the name of security and defense
In Paraguay, increasing investment in security and defense has brought technological advancements, but it has also raised concerns about the protection of citizens’ privacy. President Santiago Peña announced a USD 500 million investment to strengthen national security and defense, including the acquisition of advanced technology for the Armed Forces and the National Police. While these measures aim to combat organized crime and ensure internal security, they also raise questions about how the collected personal data will be used and managed.
In this context, legislative initiatives aimed at regulating the use of surveillance technologies have been introduced. Deputy Yamil Esgaib proposed a bill that would allow the Police and the Public Prosecutor’s Office to access recordings from closed-circuit television (CCTV) cameras installed on private property, provided that property owners inform the authorities in advance. Although the intention is to improve security, the proposal has been criticized by human rights organizations, which warn about the risk of abuse and the potential for authoritarian practices.
Furthermore, another bill is being debated that seeks to regulate the use of video cameras by the National Police in public places. The initiative aims to enhance public safety and prevent crime, but it also poses challenges concerning the protection of citizens’ fundamental rights and public freedoms.
These developments underscore the urgent need for comprehensive legislation that guarantees the protection of privacy and digital rights in Paraguay. Without a personal data protection law, surveillance initiatives run the risk of violating fundamental rights and eroding trust in institutions. It is essential for the Paraguayan state to promote a balance between security and privacy, ensuring that the measures adopted are transparent, proportional and respect human rights.
Paraguay advances towards a National Cybersecurity Strategy: challenges and opportunities
In a global context where digital threats are becoming increasingly sophisticated, Paraguay has taken steps towards formulating its 2024–2028 National Cybersecurity Strategy. The process was led by MITIC, with support from the OAS Cybersecurity Program and the collaboration of various stakeholders from the country’s digital ecosystem. On November 14, 2024, the draft strategy was presented, followed by a public consultation period that lasted until December 6 of the same year. The drafting process included a series of consultations with different stakeholders, although these lasted only three weeks. Organizations like TEDIC have pointed out that, despite these efforts, the final document lacks a comprehensive approach that addresses key aspects such as personal data protection, user privacy and the inclusion of vulnerable groups.
Among the main concerns expressed by civil society are the need to incorporate a cross-cutting human rights perspective, ensure the security of communications and internet browsing, and the urgent need for a comprehensive personal data protection law. The connection between personal data protection and cybersecurity had already been addressed earlier in 2024 by MITIC and Congress. Furthermore, the importance of adopting an open consultation methodology based on a multistakeholder approach that fosters direct dialogue among all stakeholders has been emphasized.
Despite these challenges, the formulation of this strategy represents an opportunity to strengthen the country’s cybersecurity capabilities and build a safer and more reliable digital environment for all Paraguayans. Active citizen participation and collaboration among the government, civil society, academia and the private sector are fundamental to the success of this process.
Cyberattacks in Paraguay: A Warning Sign We Cannot Ignore
2024 began with a major wake-up call regarding cybersecurity in Paraguay. In January, the company Tigo, through its Tigo Business service, fell victim to a ransomware attack: a type of cyberattack that involves the hijacking and encryption of sensitive information hosted on their servers, with the aim of demanding a ransom for its release. This incident is not isolated; rather, it represents an increasingly alarming trend. Breaches of computer systems, both public and private, have become routine in the country, leaving the data of thousands of people exposed.
Days after the Tigo case became public, another episode triggered alarms. Digital security experts detected that databases originating from Paraguayan entities, including those of other telecommunications companies, brokerage houses and various other sectors, were being offered on the deep web. Although a direct link between both events was not confirmed, the truth is that they starkly illustrate the same problem: the fragility of our data protection systems. The frequency of these incidents and the seriousness of their implications compel us to rethink current strategies.
In March 2024, an alarming incident once again exposed the fragility of personal data handling in Paraguay: the extraction of sensitive information from the Secretariat for the Prevention of Money Laundering (Seprelad) was reported, carried out without the knowledge or participation of the legal defense of those under investigation. The operation raised serious concerns about the legality of the procedure and the potential manipulation of data. Most concerning is that this type of leak not only compromises judicial processes but also exposes highly sensitive personal information, without clear guarantees of protection or accountability. In a country that still lacks a comprehensive personal data protection law, this case highlights the urgent need to establish legal frameworks that safeguard citizens’ privacy against the improper use of their data by the state.
In November 2024, Paraguay was the site of a cyber incident that attracted international attention. According to a joint statement from MITIC and the U.S. Embassy in Paraguay, an infiltration of government systems by a cyberespionage group linked to China was detected. This attack underscores the growing concerns about digital security in the country and the urgent need to strengthen national technological infrastructure.
These incidents once again highlight the need for clear and up-to-date legislation on personal data protection, a topic also under debate in Congress, and on cybersecurity practices. Without firm regulations, proper oversight and a preventative digital culture, such attacks will continue to happen and affect an increasing number of people.
A year of rights and resistance: 2024 digital review and what lies ahead in 2025
2024 was a pivotal year for Paraguay at the intersection of technology, digital rights and public policy. At TEDIC’s Antipyrawebs Observatory, we compiled and analyzed the main milestones and challenges surrounding key issues that shaped the national agenda: artificial intelligence, personal data protection, technology-facilitated gender-based violence, facial recognition, cybersecurity and democracy. These topics reflect both technological progress and the persistent challenges our country faces in protecting digital rights.
As 2025 unfolds, crucial debates are emerging:
- Artificial intelligence continues to expand, bringing with it pressing questions about its ethical use, risks and impact on everyday life.
- The pending regulation of the so-called “Anti-NGO Law” and the actions of the Bicameral Commission for the Investigation of Asset Laundering are triggering setbacks in fundamental freedoms.
- Digital security breaches, such as the data leak linked to the hack from Brazil to Paraguay, underscore the urgent need for a Personal Data Protection Law and a strengthened, human rights-based national cybersecurity strategy.
2025 invites us to continue working from civil society, in alliance with other sectors, to ensure that digital rights become a reality. We continue to advance our mission to protect human rights in digital environments and to influence public policies that promote a more just and inclusive society. In this regard, we reaffirm our commitment to continue fighting for legislation that guarantees personal data protection and cybersecurity, strengthens democracy and promotes gender equality, with the aim of ensuring a safer digital future for all.
If you want to explore our trend summaries from previous years, you can find them here: 2021, 2022 y 2023
This publication has been funded by the European Union. Its content is the sole responsibility of TEDIC and does not necessarily reflect the views of the European Union.
[Research] Technology-facilitated gender-based violence against women politicians in Paraguay 
Access to justice in the digital Age: Our contributions to the IACHR