What Ruling T-067/25 Tells Us About the Future of Algorithmic Transparency in Colombia

Colombia’s Constitutional Court, through its Ninth Review Chamber, issued a landmark ruling on the tension between the state’s technological security and citizens’ fundamental right to know how public digital tools operate.

1. The Context of the Case

A citizen filed a constitutional protection action against the National Digital Agency (AND), the National Institute of Health (INS), and the Ministry of Health after these entities refused to release the source code for the CoronApp, which was used during the COVID-19 pandemic. The entities argued that disclosing the code would jeopardize the privacy of user data, the security of public health measures, and the developers’ copyrights.

2. The Legal Issue

Does the government violate the right of access to public information by refusing to disclose the source code of a government application on the grounds of security and technical confidentiality?

3. Key Points of the Decision

  • Algorithmic Transparency: The Court introduces this concept as a fundamental guarantee in a democratic society. It establishes that citizens have the right to understand how Automated Decision-Making Systems (ADMS) collect and process their data, especially when these decisions affect fundamental rights.

  • The “Harm Test”: The ruling clarifies that the government cannot use generic arguments to deny access to public information. It must demonstrate that disclosure would cause present, real, probable, and specific harm that outweighs the public interest in knowing the information. In this case, the Court determined that the agencies failed to meet this burden of proof.

  • Security vs. Transparency: The Court determined that it was possible to protect personal databases through technical measures (such as separating data and credentials) without having to keep the source code completely secret.

  • Principle of Maximum Transparency: The Court reiterated that, when it comes to state-run technological tools, transparency must take precedence. Opacity in public software prevents society from assessing whether the State acts with justice, equity, and respect for human dignity.

4. The Court's Decision

The Court granted the injunction to protect the fundamental right of access to public information, noting that both the administrative agencies and the trial court judges erred by failing to apply an appropriate balancing of interests and by accepting the technical exemption without sufficient legal and evidentiary support.

5. Impact on the Future

This ruling sets a binding precedent for any public entity that uses algorithms or software to interact with citizens. From now on, the government must:

  1. Clearly identify the legal basis for any reservation.

  2. Implement strategies to increase the availability of information about its algorithmic systems.

 

Colombia’s Constitutional Court, through its Ninth Review Chamber, issued a landmark ruling on the tension between the state’s technological security and citizens’ fundamental right to know how public digital tools operate.

1. The Context of the Case

A citizen filed a constitutional protection action against the National Digital Agency (AND), the National Institute of Health (INS), and the Ministry of Health after these entities refused to release the source code for the CoronApp, which was used during the COVID-19 pandemic. The entities argued that disclosing the code would jeopardize the privacy of user data, the security of public health measures, and the developers’ copyrights.

2. The Legal Issue

Does the government violate the right of access to public information by refusing to disclose the source code of a government application on the grounds of security and technical confidentiality?

3. Key Points of the Decision

  • Algorithmic Transparency: The Court introduces this concept as a fundamental guarantee in a democratic society. It establishes that citizens have the right to understand how Automated Decision-Making Systems (ADMS) collect and process their data, especially when these decisions affect fundamental rights.
  • The “Harm Test”: The ruling clarifies that the government cannot use generic arguments to deny access to public information. It must demonstrate that disclosure would cause present, real, probable, and specific harm that outweighs the public interest in knowing the information. In this case, the Court determined that the agencies failed to meet this burden of proof.
  • Security vs. Transparency: The Court determined that it was possible to protect personal databases through technical measures (such as separating data and credentials) without having to keep the source code completely secret.
  • Principle of Maximum Transparency: The Court reiterated that, when it comes to state-run technological tools, transparency must take precedence. Opacity in public software prevents society from assessing whether the state acts with justice, equity, and respect for human dignity.

4. The Court's Decision

The Court granted the injunction to protect the fundamental right of access to public information, noting that both the administrative agencies and the trial court judges erred by failing to apply an appropriate balancing of interests and by accepting the technical exemption without sufficient legal and evidentiary support.

5. Impact on the Future

This ruling sets a binding precedent for any public entity that uses algorithms or software to interact with citizens. From now on, the government must:

  1. Clearly identify the legal basis for any reservation.
  2. Implement strategies to increase the availability of information about their algorithmic systems.
  3. Ensure that government technology is not a “black box” beyond the reach of public oversight.

By Henry Bustos