bool(false)

The impact of postponing Brazil’s Data Protection Law

. Apr 04, 2020
Brazil's General Data Protection Law could be yet another Covid-19 casualty. Set to be enforced in August, it has been pushed back to 2021.

The Brazilian Senate has passed a bill that postpones the deadline for companies and organizations to comply with the Brazilian General Data Protection Law (LGPD) to January 2021, while punishments for non-compliance would only be enforced from August 2021 onward. The bill is still to be voted on by the House of Representatives and signed into law by President Jair Bolsonaro, but it is already raising concerns about data protection in Brazil.

</p> <p>Initially, the LGPD was expected to come into force in August 2020, some 18 months after its initial approval. However, Senator Antonio Anastasia, the author of the <a href="https://legis.senado.leg.br/sdleg-getter/documento?dm=8081779&amp;ts=1585934129559&amp;disposition=inline">bill</a>, considered it would be fair to postpone it for another 18 months so as “not to overwhelm companies due to the enormous technological and economic hardships that came after the pandemic.” The new deadline came as a proposal by Senator Simone Tebet, after the backlash caused by the proposal, <a href="https://economia.estadao.com.br/noticias/geral,senado-aprova-projeto-que-suspende-prazos-contratuais-ate-outubro-aluguel-residencial-fica-de-fora,70003259159">reports</a> newspaper <em>Estadão</em>.</p> <p>In a statement to the press, the Brazilian Association of IT Companies (Assesspro), has celebrated the decision, considering that “Senator Tebet’s solution for the issue was positive and backs the importance of the LGPD.”</p> <p>The law, inspired by the European GDPR, is considered by Brazilian digital activists as an advance in data protection in Brazil. It establishes that Brazilian citizens own their data and companies and the government are responsible for handling it and keeping it safe. Non-compliance or breaches may lead to fines of up to 2 percent of a company’s revenue in Brazil, limited to BRL 50 million, plus daily fines.</p> <p>As we explained in our <a href="https://brazilian.report/podcast/2019/07/24/data-protection-changes-coming-your-way/">Explaining Brazil podcast</a>, small companies are the most vulnerable to this, as they lack the resources and <a href="https://brazilian.report/tech/2019/12/05/brazil-data-protection-law-health-data-market/">experience to deal with the regulations</a>, while international companies are already used to this kind of law abroad.&nbsp;</p> <div id="buzzsprout-player-1452826"></div> <script src="https://www.buzzsprout.com/299876/1452826-70-in-brazil-new-terms-and-conditions-will-apply.js?container_id=buzzsprout-player-1452826&amp;player=small" type="text/javascript" charset="utf-8"></script> <hr class="wp-block-separator"/> <p>This concern had been raised by lawmakers and businesspeople even before the outbreak of Covid-19. As lawyer Fernando Santiago <a href="https://www.conjur.com.br/2020-mar-31/fernando-santiago-alternativa-adiar-aplicacao-penalidades-lgpd#author">writes</a>, “even though companies and the public sector should have been well prepared for the LGPD five months before it came into force, those who support postponing it found a mighty ally. There is no denying that this crisis will impact the economy and the regular working of national and international companies.”</p> <p>In his view, postponing the punishment only could be a good way to find common ground between creating a data protection culture and the fears of companies, which he considers to be fair as the regulation from the National Data Protection Authority is yet to be implemented.&nbsp;</p> <h2>The risks of postponing data protection controls</h2> <p>For digital activists, postponing the LGPD brings about serious concerns in terms of data protection in Brazil, especially considering that several monitoring technologies are taking place amid the pandemic in an attempt to contain the virus.&nbsp;</p> <p>“If we consider the context of the pandemic and the growth of initiatives that aim to use personal data, this law becomes much more urgent to regulate eventual abuses in this data treatment,” said Bruna dos Santos, advocacy and policy analyst at NGO Coding Rights, to <strong>The Brazilian Report.</strong>&nbsp;</p> <p>As we explained<a href="https://brazilian.report/tech/2020/04/02/could-covid-19-cause-a-rise-in-government-surveillance-in-brazil/"> in our April 2 story</a>, Brazilian public authorities are already using monitoring technologies to curb public gatherings in cities such as Recife and São Paulo. While companies guarantee privacy will be respected, history shows that this pledge is more connected to how developed democracy is in a country, as similar tools have been used for political persecution in dictatorships.&nbsp;&nbsp;&nbsp;</p> <p>In Ms. dos Santos&#8217; view, Congress had already been understanding of companies’ needs by giving such a large period for adaptation. Moreover, the fact that sanctions will only be applied in August 2021 leave people even more unprotected, she says, “showing the unbalance of the relationship between Congress, individuals and treatment agents, as it prioritizes the ability of companies to adapt instead of protection for individuals.”

Read the full story NOW!

 
Natália Scalzaretto

Natália Scalzaretto has worked for companies such as Santander Brasil and Reuters, where she covered news ranging from commodities to technology. Before joining The Brazilian Report, she worked as an editor for Trading News, the information division from the TradersClub investor community.

Our content is protected by copyright. Want to republish The Brazilian Report? Email us at contact@brazilian.report