Improper use of proprietary data on computer media in Bolivia: background, legislation, and reform proposal

In Bolivia, the proliferation of scams digital, fraud, online banking, improper access to personal accounts, and other computer-related crimes it has caused economic losses, damages to the privacy and security risks citizen. The penetration of mass Internet and social networks, together with the lack of knowledge of basic measures of cyber security on the part of the populationhe has provided opportunities for criminals to exploit technology for illicit purposes. This boom crime is aggravated by the lack of complaint: experts point out that the shame of the victims, the distrust in the justice and the lack of knowledge in digital security are three main causes that many cybercrimes are not reported in Bolivia. These factors have allowed that many incidents go unpunished, encouraging recidivism.

Given this scenario, it is essential to contextualize the growth of computer crime in Bolivia and critically analyze the response of the law. Then, we present recent statistics on computer crime in the country, a review of bolivian law (including the failed attempt to reform criminal, 2017), comparisons with legal frameworks of neighbouring countries, and expert opinions on deficiencies in current regulations. Finally, we will propose a making it a criminal offence-specific for the crime of improper use of proprietary data on computer media, as part of a necessary legal reform integral.

The magnitude of the problem in Bolivia is reflected in the statistics compiled by 2025. In the year 2023, the Observatory of Computer-related Crimes Bolivia (ODIB) registered 3.768 cases of cyber crimes in the country. These figures represent a considerable increase compared to previous years; for example, it reported an increase in the 43% in the scams digital during the first half of 2023 in comparison with the same period in 2022. The computer crimes most commonly include the fraud or scam computer, online threats and grooming (sexual harassment digital). Jurisdictions La Paz, Santa Cruz and Cochabamba account for the higher incidence of these crimes , which coincides with the regions of major economic activity and use of technology.

Within the modalities of cybercrime that are of greatest concern in Bolivia are those related to the identity theft and the misuse of personal or financial data. Police authorities have investigated cases of kidnapping of messaging accounts (for example, accounts of WhatsApp) where the criminal impersonates the identity of the victim to request their contacts, money transfers to bank accounts, using deceptions credible. This method, known as fraud WhatsAppit has become recurrent and difficult to pursue with figures traditional criminal court. In the same way, are reported increasingly creations of fake profiles in social networks (Facebook, TikTok, Instagram) in order to defame, defraud, or affect the reputation of people, public and private. These behaviors involve the unlawful use of outside data (name, photographs, information and staff) to commit crimes ranging from the scam estate until the violation of the honor, or privacy.

The official data and independent studies paint a troubling picture. Women accounted for 54.7% of the victims of computer crimes in Bolivia, being especially vulnerable to online frauds and extortions of a personal nature. For every age group, young people from 16 to 35 years are the most affected, given their greater use of social networks and digital platforms. In addition, incidents resonant have exposed flaws in the protection of data: for example, in 2024 it denounced the alleged sale on underground forums of a database with personal information 12.5 million bolivians, which broke out alerts on the security of information in the hands of public and private entities.

In summary, the statistics until 2025 confirm that Bolivia faces a rising tide of cybercrime, among which the impersonation digital identity and the unauthorised use of personal data occupy a prominent place. This phenomenon has overwhelmed the response capacity of the existing legal framework, generating a gap between the reality of the criminal and legal tools to fight it. Below, we examine how the legislation bolivian have tried (and sometimes failed) to give an answer to these challenges.

Legislation bolivian current in the field of computer crimes

Current Criminal code and current scope

Bolivia lacks a special law of computer crimes; instead, the Penal code (which originally dates back to 1972, with subsequent amendments) contains only two types of crimes-specific in this matter. These provisions were introduced by Law no. 1768 of 1997, which added the Chapter XI “Computer Crimes” the Criminal Code. This chapter sets out:

• Article 363 bis (computer Manipulation): Punishes the who, with the intent of obtaining an undue advantage, “handling a processing or any transfer of computer data” causing an incorrect result in prejudice to a third party, and that this results in a transfer wealth is not due. In essence, makes the computer fraud through alteration of data or programs (a figure analogous to the scam but executed by digital media). The punishment is 1 to 5 years of imprisonment more fine.
  

• Article 363 ter (Alteration, unauthorized access and improper use of computer data): Punishes the who, “without being authorized to take over, access, use, modify, delete or disable the data stored in a computer or computer support, causing damage to the owner of the information”. This figure covers the illegal access to systems or databases and the unauthorized use of digital information of others. Interestingly, the expected penalty is much more mild than that of the previous offence: provision of work for up to a year or fine of up to 200 days, which denotes that the legislator 1997 conceived of these behaviors as less serious (crimes against property computer without transfer direct economic).

In addition, other rules bolivian touching tangentially the subject computer science: for example, the Act 164 of Telecommunications (2011) regulated aspects of digital signature, e-commerce and data communication, and the Law 3325, 2006 addressed child pornography in digital environments. However, none of them creates criminal offences new behaviors specific computer, beyond adequate crimes traditional to the Internet (as in the case of child pornography).

In synthesis, the penal framework bolivian current is extremely limited compared to the cybercrime. The articles 363 bis and ter —dating back more than two decades ago— are considered “too traditional and not adjusted adequately to the reality of social and technological change in the country”, perceiving its content as general and unclear. For example, the article 363 ter speaks of “using data to others without authorization causing prejudice”, but does not define if it includes the identity theft in social networks or the appropriation of digital profiles, which leaves room for interpretations. To do so would contravene principles of criminal fundamental as the taxatividad and legal certainty, which requires precise definitions of prohibited conduct.

In fact, in the judicial practice bolivian recent, many behaviors impersonation of digital identity have been framed forcefully in types traditional criminal court, with unsatisfactory results. For example, when a fraudster takes control of the account of Facebook or WhatsApp of someone else and cheating on their contacts to send money, prosecutors attempt to process the fact as common scam. However, “the computer manipulation of the account and identity theft as a means to commit fraud do not always fit perfectly in the constituent elements of a criminal offence of cheating”. Similarly, if someone creates a fake profile to defame another person, is used to crimes against honor (libel, slander) or via constitutional protection of the privacy, but these figures do not consider the particularities of the diffusion anonymous on digital platforms. In other words, the legislation in force presents gaps that prevent subsume accurately the new illegal conduct, generating grey zones of impunity. This reality motivated attempts of penal reform to modernize the classification, as detailed below.

History failed: the Code of the Criminal justice System (Law 1005) and its abrogation

Conscious of the need to update the regulations, the bolivian State enacted on December 15, 2017, the Law N° 1005 (Code of Penal System), which replaced integral to the Criminal Code of 1972. This new code —which should enter into force after 18 months of vacatio legis— included for the first time specific title dedicated to computer crime and adapted numerous types of offences to the digital age. The Law, however, 1005 never came to rule: he faced a strong rejection of social and from different sectors (medical, carriers, and the press, among others), which led to a few months after the Government promote your cancellation. Thus, by the Law N° 1027 January 25, 2018 is repealed completely the Code of the Criminal justice System prior to its entry into force, returning to Bolivia, the validity of the old Penal Code of 1972 (preserving, therefore, only the both plain items 363 bis and ter on computer crimes).

The frustrated Law 1005 represented a missed opportunity to modernize the criminal definition in the field of digital. In his Section IV related to computer crimesthe project incorporates figures as the personal data breachthe electronic scam, counterfeit computer science, among others (armonizándolas with international standards of harmfulness). Although it was not implemented, their existence showed the will of the legislator bolivian update of the penal framework. The abrogation sudden this reform left a legal vacuum: Bolivia returned to a rules-of-date, without criminal offences specific to phenomena such as the impersonation of digital identity, phishing, spreading not consensual, private data, etc

As a result, today the criminal law bolivian is widely perceived insufficient to address computer crime. The Delegation of bolivia to the UN recognized in 2019 the existence of “a legal vacuum product of the non-applicability of the laws existing to the new offences” committed using digital technologies, highlighting the urgent need to review and update the regulations. This gap regulations contrasts with the legal developments that have taken place in other Latin american countries, which have adopted specific legislation on cybercrime. Below, we present a comparison with the legal frameworks of Peru, Colombia and Argentina, whose experiences are illustrative.

The legal answer to the crime of impersonation of digital identity and illicit use of data has varied in the region. While Bolivia does not yet have a figure penal express such behaviors, neighbouring countries have reformed their criminal codes or enacted special laws in the last decade to address them more directly.

• Peru: Adopted in 2013 Law N° 30096 – cybercrime Lawthat typifies a variety of cybercrimes in a detailed way. Of particular relevance is the crime of impersonation of digital identity, enshrined in article 9. This precept, sanction, to whom, “using digital technologies impersonates the identity of a natural or legal person, provided that such conduct is some prejudice”, with penalties of 3 to 5 years of prison(fester to 6 to 9 years if the victim is a minor). Peru, therefore, explicitly recognizes the identity theft online as a figure criminal autonomous, separate from the fraud that is traditional, which has made it easier to prosecute cases of fake profiles on social networks, fraudulent e-mails (phishing), etc., in Addition, the peruvian legislation contemplates crimes complementary as the unlawful access to computer systems, the adulteration of data and the traffic of personal information, with penalties commensurate with the severity and the damage caused. This modernization regulations placed Peru at the forefront regional criminal protection against the encroachment of digital identity.
  

• Colombia: Implemented in 2009 Law 1273, which amended its Criminal Code by integrating a chapter of computer crimes. Although Colombia does not have a figure called “phishing” exactly the same as the peruvian, your code represses behaviors equivalent by several articles. For example, the Article 269Fpenalizes the “to obtain, provide, use, or modify personal data contained in databases without authorization and for-profit or for the benefit of third parties”, protecting your personal information against misuse. Also, the Article 269I typifies the “theft by computer media”, which explicitly includes the act of “to circumvent security measures, or impersonate a user to steal the assets of others”. This last provision covers cases where the offender is transferred by another person in a computer system (for example, using your credentials) to commit a robbery, which covers, in practice, many cases of fraud by impersonation digital. In addition, Colombia punishes access for abusive systems (art. 269A), the interception of data (269b to merge), damage to computer (269D), the introduction of malware (269E) and the creation of fake websites or phishing (269G). The framework colombian is, therefore, quite complete: not only protects the confidentiality of data and digital identity, but also typifies schemes typical of attack (hacking, phishing, etc), with penalties ranging usually between 4 and 8 years in prison for these crimes. It should be noted that, in spite of their legislation advanced, Colombia (like Peru) complements their efforts with an active policy of cybersecurity and has acceded to the Budapest cybercrime Convention, facilitating international cooperation in the matter.
  

• Argentina: Amended its Criminal Code by the Law 26.388 2008incorporating various computer crimes in line with the Convention of Budapest. The reform of argentina introduced the illegal access to computer systems(introducing the art. 153 bis C. P.), the hurt or computer sabotage (art. 183 subsection 6 C. P.), the interception of electronic communications and several assumptions of computer fraud. For example, it is penalized obtaining and unauthorized disclosure of confidential data and the impersonation of web sites to capture information (behaviours comparable to the phishing). Although Argentina is not explicitly defined as a crime of “digital identity”, its regulations allows them to pursue the usurpation of personality online through types as the ideological falsity, fraud by deception computer or the use of a digital document of others. In particular, the traditional figure of usurpation of civil identity (art. 138 C. P., referring to assume marital status, or fake identity) could be applied to certain cases of theft of digital identity, complemented with the new figures computer when media systems. The argentine law also increased the penalties if the computer crimes affecting public services or involving children (for example, the distribution of child pornography on the Internet is severely punished). Notwithstanding these advances, lawyers argentine indicate that persist gaps, and continuously emerging new forms of attack are not provided for in existing laws, which has led to projects to update again by the Criminal Code and to lift some sanctions. In addition, Argentina has a scaffolding legal more robust than Bolivia, but it keeps evolving to meet the innovations of crime.
  

The regional comparison evidence that Bolivia is located behind in the definition of computer crime. While Peru has already punishes directly impersonation of digital identity and Colombia/Argentina have the legal tools to pursue the misuse of data and cyber frauds, Bolivia operates with types of crimes-general of limited scope. This situation has been advised by specialists: the country is not even part of the Convention de Budapest (2001) on cybercrime, unlike Peru who has subscribed , which also limits international cooperation in research of these transnational crimes. International experts have emphasized that the legislation bolivian “it shows a limitation in the definition and regulation” of cybercrime, urging to adapt to technological changes to meet social needs and to ensure legal certainty.

Below, you gather opinions of jurists bolivian and international discusses the deficiencies in the framework of criminal law current in Bolivia and propose ways of improvement, laying the groundwork for the legal reform that arises.

Shortcomings of the framework bolivian criminal and proposals for improvement, according to experts

The legal community agrees diagnose serious deficiencies in the framework of criminal law bolivian against cybercrime. On the one hand, national specialists highlighted the obsolescence and poor coverage of the types of criminal force; on the other, international experts point to the decoupling of Bolivia from the global standards in the field. These are some of the critical points mentioned:

• Insufficient coverage and lack of typing expressed: As mentioned, Bolivia only has two computer-related crimes in the Criminal Code (arts. 363 bis and ter). The Foundation Buildingin a diagnosis of 2021, noted that such a situation leaves atypical many unlawful conduct digital, “making a qualifying legal-individualized criminal” and allowing a high black figure of crime unpunishedbecause facts are not described explicitly in the criminal law cannot be punished without violating the principle of legality (nullum crimen, nulla poena sine lege) . This results in practical difficulties for processing cases of phishing, hacking, theft of network profiles, extortion, by electronic means, etc, that are outside the scope of the traditional figures.

• Evidentiary issues, and persecution: Jurists bolivians as Rigoberto Paredes (legal study) indicate that, in addition to the lack of criminal offences, there are obstacles such as the low complaint of these offences, and the complexity to identify authors. Many victims do not report out of fear or ignorance, and “the cases that go to trial are often dismissed for lack of sufficient evidence, or because you can not give to the authors”given the facilities of anonymity on the Internet and the frequent location of the servers on the outside . The absence of robust protocols for digital research in the Police and Prosecutor's office exacerbates the problem. In this regard, the attorney Erick Iriarte (Peru) stressed that Bolivia needs to modernize its technical capabilities and to adhere to international conventions, because in the digital age, the cross-border cooperation it is crucial to track evidence and responsible .

• Failure to update regulations and the principle of taxatividad: The doctrine of criminal emphasizes that the law should keep up with the evolving social and technological. In Bolivia, the gap is obvious. Professor V. C. Arequipa Bars looks at the types of criminal computer bolivians are so generic that do not comply with the requirement of precision of the criminal law, creating legal uncertainty . It also warns that it is “essential that a criminal act to comply with the principles of taxatividad, certainty and booking of law”, which is currently not happening in Bolivia with regard to computer crimes . This view is shared by international experts: the Organization of American States (OAS) it has urged the countries left behind to update its legislation following the guidelines of the Convention of Budapest, so clearly crimes such as unlawful access, computer sabotage, fraud, digital and abuse of personal data . Bolivia, however, has not implemented these recommendations to date.

• Attempts of recent legislative and reviews: In recent years, is presented bills isolated to deal with some aspects of the crime digital, although with a focus controversial. In 2023, a group of lawmakers has proposed the Draft Law N° 304 for “to regulate and punish the misuse of social networks”. This initiative contemplated new crimes as the counterfeiting of digital data and the traffic of personal data, and provided punishment of 5 to 7 years in prison for those who “creating a false identity or hackearan accounts in social networks damaging to the image or reputation of another person” . However, the project was heavily criticized by sectors of the civil society and the press, who saw it as a threat to the freedom of expression more than a tool against cybercrime . Finally, his treatment was suspended . This episode reflects the lack of consensus and a vision that is comprehensive technical in the legislative response: the proposals are likely to arise reactively (sometimes tinged with politicians) instead of framing a public policy cyber security and data protection.

In conclusion, the experts converge in Bolivia requires with urgent legal reform integral in the field of cybercrime. That reform should fill the gaps of typing (creating criminal concepts clear for the unlawful conduct digital today unpunished), provide operators of justice of best procedural tools to obtain electronic evidence , and to harmonize domestic law with international standards (for example, by adhering to the Convention of Budapest and cooperation with regional initiatives in cybersecurity).

The next section proposes a making it a criminal offence-specific directed to cover one of the lakes more sensitive: the crime of improper use of proprietary data on computer mediabeing defined as the impersonation of digital identity and other forms of free-riding of personal data of third parties on electronic platforms.

In the light of the foregoing, it is proposed to incorporate the bolivian Criminal Code a new offence criminalising of a clear and precise way the improper use of third party data on computer media. The wording suggested –made based on the identified needs and taking references of laws compared– is the following:

(Improper use of proprietary Data on Computer Media).– The person who, without authorization, with the intention of obtaining an undue advantage or in order to affect the image or dignity of the victim, use data or confidential information of others (whether personal, institutional or financial) as stated on computer media or electronic, or to impersonate the identity of another through a digital medium, generating damage to the owner of the information, or a third party, shall be punished with a prison term of two (2) to four (4) yearsin addition repair the economic damage. The penalty shall be increased to a prison term of three (3) to six (6) yearsmore economic repair when the victim is a child, a child or adolescent .

This classification proposal covers two purposes typical observed in the practice of crime bolivian: (1) the profit illicit using phishing (for example, someone who pretends to be another to obtain transfers of money, credit, goods, or accesses), and (2) the involvement, reputation, honor or rights personalísimos through the creation of identities or fake profiles (such as spreading false content or intimate of someone by pretending to be that person). The explicit mention of both the unauthorized use of confidential data as the impersonation of digital identitythe criminal code covers common scenarios of improper use of outside data in computer environments who today does not fit with precision on any figure.

The proposed penalty (2 to 4 years, agravable to 3 to 6 years if the victim is a minor) seeks to be proportional: it is more severe than is currently provided for the unlawful access simple (363 ter, which comes only to community work), but not to exceed the severity of crimes heritage older. In addition, the inclusion of the repair economic mandatorypoints to make restitution to the victim for damages of a material or moral injury, complementing the criminal sanction.

It should be noted that this formulation contains elements of foreign law that have shown efficacy. The requirement of prejudice for the victim is taken from the peruvian law in order to focus on the criminality in cases where the act really hurt legal property (whether property, privacy or honor). The mention of " spoofing “through means of an electronic or digital” covers from the theft of accounts in networks up to the creation of profiles apocrypha, similar to what is referred to in the regulations in colombia under the concept of impersonate a user . Also, the aggravating age (child victim) responds to the special vulnerability of children and adolescents in virtual environments, in line with the trend compared protect more strongly to the lower (as in Peru with increased penalties when the impersonated identity is that of a minor ).

This definition clearer and more detailed would subsume properly conduct that today remain in impunity, or need to be forced into types inapplicableensuring criminal proceedings more effective. For example, the case of the fraud via WhatsApp described above would fit perfectly in “use of proprietary data for the purpose of economic benefit, impersonating the identity of another via the digital environment”, in compliance with all the elements of the new type (where before you just settle with difficulty in the figure of scam) . In the same way, the creation of a fake profile to humiliate someone would be included in “affect the dignity of the victim by means of impersonation of digital identity”, that announcement would make the damage to the image that the crimes against the honor of traditional and do not cover .

In summary, the proposed Improper use of proprietary Data on Computer Media would fill a critical gap in the Bolivian Criminal codeby providing the operators of justice to be an ideal tool to pursue and punish both the fraud-based digital identity theft as the theft itself when damage extrapatrimoniales. However, this is only a part of the necessary reform. The effective implementation of this new type of criminal would also require specialized training to prosecutors and police in the digital research, campaigns of public awareness on cybersecurity, and international cooperation to prosecute offenders who operate from abroad .

The preceding analysis highlights the urgency of reforming the criminal-law framework bolivian to adequately address the misuse of data by other authors in computer resources and, in general, the cyber crime. Bolivia is located behind, both with respect to the sophistication of the crimes that occur daily, as compared with the regulatory developments in neighboring countries. This gap regulations committed to the protection of the legal property key: the heritage of the citizens (hemmed in by phishing scams), your privacy and intimacy (mangled by data breaches and phishing), and even their honor and personal safety (aggravated defamation in networks or digital bullying).

The recent statistics confirm an upward trend in cybercrime in Bolivia, exposing the population to increased risks without proper safeguards legal. The current legislation, anchored in articles written over 20 years ago, it has been clearly out of date compared to the types of crimes that take advantage of emerging technologies. Only to have the figures of computer manipulation and unauthorized access of data (363 bis and ter) is insufficient and obsolete . This limitation is contrary to the principles of legality and taxatividad, because many behaviors do not fit into the types present criminal, forcing interpretations extensive some guarantees, or worse, leaving zones of impunity. As well point to Arequipa Bars and other jurists, it is imperative that the criminal act to adapt to social and technological changes to meet the needs of guardianship and to resolve conflicts modern .

Examples of Peru, Colombia and Argentina show that yes it is possible and necessary to update the criminal law to address computer crimes specific (spoofing, phishing, data breaches, etc) with clear definitions and penalties proportional. Bolivia can take inspiration from these successful experiences, avoiding their errors. A reform well oriented should not become a tool of censorship or undermine fundamental rights (as feared with the project of social networks, 2023), but rather focus on effectively protect the citizenship abuse digital, in balance with freedoms such as freedom of expression. To do this, the participation of technical experts in the preparation of legislative is crucial, as well as a public debate transparent to legitimize the new rules.

The proposal for criminal definition of “misuse of proprietary data on computer media” presented in this article is a specific step in the right direction. Its adoption would fill one of the gaps more noticeable in the Criminal Code, providing a legal framework express to pursue the impersonation of digital identity and the use of illicit personal data. However, a comprehensive reform should also include the review of other types of criminal computer (for example, define the intrusion or unauthorized access with greater severity, the cyberbullying, the extortion digital, the alteration of critical computer systems, etc), the update rules of procedure to facilitate the obtaining of electronic evidence , and the consideration of mechanisms for international cooperation in research (Bolivia should seriously evaluate accede to the Convention of Budapest, which would provide a legal framework for mutual legal assistance in cybercrime ).

In conclusion, the rapid evolution of technology and the proliferation of crime in the cyberspace have created a inescapable challenge to the criminal justice system bolivian. Persist in the inaction of legislation will not only leave unprotected to the current victims, but sends a signal of impunity that encourages them to future offenders. Legal reform in this matter is urgent and necessary. To give Bolivia a regulatory body modern against cybercrime will strengthen the rule of law in the digital world, will safeguard fundamental rights of the people in line and will help to create an electronic environment more safe and reliable for the economic and social development of the country . In the words of the Observatory of Computer Crimes, only using “a comprehensive, collaborative approach” involving legal update, technical capabilities, and public awareness, we will be able to mitigate the negative impact of these crimes and to ensure the validity of the rule of Law in the digital age .

• Bolivian Criminal code (D. L. 10426, 1972, rev. Law 1768/1997), arts. 363 bis and ter.

• Law N° 1005 (2017) – the Code of the Criminal justice System Boliviano (repealed by Act N° 1027/2018).

• Observatory of Computer Crimes-of-Bolivia – Report on cyber crime in Bolivia 2023.

• Arequipa-Gates, V. C. (2023). “The modification of the bolivian Criminal Code in the incorporation of new computer-related crimes”. Juris Studia, 1(2), 83-100 .

• Rigoberto Paredes & Associates (2022). “What are cyber crimes? Is there legislation in Bolivia?” .

• Peru – Law N° 30096 (2013) Computer-related Crimes, art. 9 (Phishing digital) .

• Colombia – Criminal Code, arts. 269F (violation of personal data) and 269I (theft by computer using impersonación) .

• The Journal (02/06/2024). “Three causes that are not reported cybercrimes”, interview with E. Iriarte .

• Bill 304/2023 (misuse of social networking), proposed Text (suspended prior to their approval).