On August 23, 2024, the Brazilian Data Protection Authority (“ANPD”) published Resolution 19/2024, approving the Regulation on international data transfers and the content of standard contractual clauses (the “Regulation”). The Regulation implements the international data transfer framework under the Brazilian General Data Protection Law (“LGPD”).Continue Reading Brazil Issues New Regulation on International Data Transfers
Brazil
Brazil’s Senate Committee Publishes AI Report and Draft AI Law
On December 1, 2022, a committee of the Brazilian Senate presented a report (currently available only in Portuguese) with research on the regulation of artificial intelligence (“AI”) and a draft AI law (see pages 15-58) (“Draft AI Law”) that will serve as the starting point for deliberations by the Senate on new AI legislation. When preparing the 900+ page report and Draft AI Law, the Senate committee drew inspiration from earlier proposals for regulating AI in Brazil and its research into how OECD countries are regulating (or planning to regulate) in this area, as well as inputs received during a public hearing and in the form of written comments from stakeholders. This blog posts highlights 13 key aspects of the Draft AI Law.Continue Reading Brazil’s Senate Committee Publishes AI Report and Draft AI Law
Brazil’s ANPD Launches Public Consultation on the Processing of Minors’ Personal Data
On September 8, 2022, the Brazilian Data Protection Authority (“ANPD”) launched a public consultation on the processing of minors’ personal data (encompassing children under 12-years-old and adolescents between the ages of 12- and 18-years-old). The consultation will conclude on October 7, 2022. According to the ANPD, the purpose of the consultation is to resolve divergent interpretations among public authorities, academics, privacy professionals, and representatives of civil society regarding the Brazilian Data Protection Law’s (“LGPD”) provision on the processing of minors’ personal data (Article 14). The Authority will use the feedback it receives to draw up guidelines on the topic and, possibly, amend the LGPD.Continue Reading Brazil’s ANPD Launches Public Consultation on the Processing of Minors’ Personal Data
LGPD Effective Imminently
On August 26, 2020, the Brazilian Senate rejected an alteration made to Article 4 of Provisional Measure 959/20 — an alteration intended to postpone the effective date of the General Data Protection Law (“LGPD”) until December 31, 2020. Following the removal of Article 4 — and many months of uncertainty — the LGPD’s effective date now reverts to the originally scheduled date of August 16, 2020. The date for enforcement of fines and penalties remains as August 1, 2021, having previously been postponed by Law No. 14.010.
Continue Reading LGPD Effective Imminently
Inside Privacy Audiocast: Episode 3 – Emerging Data Privacy Issues in Brazil
On our third episode of our Inside Privacy Audiocast, we are aiming our looking glass at Brazil’s new data protection statute, Lei Geral de Proteção de Dados (or LGPD), and are joined by Ronaldo Lemos, a partner at Rennó Penteado.
In our episode recorded earlier this week, Dan …
Continue Reading Inside Privacy Audiocast: Episode 3 – Emerging Data Privacy Issues in Brazil
An Uncertain Date: Preparing for the LGPD to Take Effect
As businesses prepare for the Brazil General Law for Data Protection, or LGPD, one key provision is still up in the air: the date the law takes effect. Under the original law, the LGPD was scheduled to take effect next Sunday, August 16. For the past several months, however, that date has been a moving target.
Continue Reading An Uncertain Date: Preparing for the LGPD to Take Effect
Brazil Senate Approves Bill Delaying LGPD Enforcement
The Brazil Senate unanimously approved a bill today that would delay implementation of the Brazil General Law for Data Protection, or LGPD, until January 1, 2021 and enforcement of fines and penalties until August 1, 2021. The LGPD is currently scheduled to take effect on August 15, 2020.
The draft bill — one of four pending in the Senate that propose to delay implementation of the LGPD — is broad in scope, encompassing not only the LGPD, but also statutes of limitations and sanctions for certain anti-competitive conduct. Senator Antonio Anastasia, the sponsor of the bill, explained that the bill is intended to give businesses an opportunity to focus on other urgent matters arising from the COVID-19 pandemic.
Continue Reading Brazil Senate Approves Bill Delaying LGPD Enforcement
Brazil’s New General Data Privacy Law Follows GDPR Provisions
On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (English translation), making Brazil the latest country to implement comprehensive data privacy regulation.
The law’s key provisions closely mirror the European Union’s General Data Privacy Regulation (“GDPR”), including significant extraterritorial application and vast fines of up to two percent of the company’s previous year global revenue (the GDPR allows for up to four percent in certain aggravated circumstances).Continue Reading Brazil’s New General Data Privacy Law Follows GDPR Provisions
Developments in the Right to Be Forgotten
As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR.
European Developments
In the EU, we previously reported on a Court of Justice of the EU (“CJEU”) decision that limits the right to be forgotten with respect to public records. And in February, A French high administrative court raised several questions to the CJEU relating to the right to be forgotten in light of the Google v. Costeja Gonzalez decision. The questions address whether and in what circumstances search engines must delist links to websites in response to requests from data subjects, and arose in the context of a pending dispute between Google and CNIL, the French data protection authority.
A decision by a Circuit Court in Ireland recognized the right of a former election candidate to request the removal of information posted about him on Reddit under the right to be forgotten. And the UK recently solicited views on its own implementation of the GDPR, including input regarding the interplay between the right to be forgotten and freedom of expression in the media.
Continue Reading Developments in the Right to Be Forgotten
Brazil Extends the Consultation Period on Its Draft Data Protection Law until April 30
In February 2015, the Brazilian government issued a draft of Brazil’s first comprehensive privacy law, the Preliminary Draft Bill for the Protection of Personal Data (the “Draft Bill”). The Draft Bill builds on and codifies certain concepts relating to the treatment of personal data already present in Brazilian…
Continue Reading Brazil Extends the Consultation Period on Its Draft Data Protection Law until April 30