The impact of postponing Brazil’s Data Protection Law

</p> <p>Initially, the LGPD was expected to come into force in August 2020, some 18 months after its initial approval. However, Senator Antonio Anastasia, the author of the <a href="https://legis.senado.leg.br/sdleg-getter/documento?dm=8081779&amp;ts=1585934129559&amp;disposition=inline">bill</a>, considered it would be fair to postpone it for another 18 months so as “not to overwhelm companies due to the enormous technological and economic hardships that came after the pandemic.” The new deadline came as a proposal by Senator Simone Tebet, after the backlash caused by the proposal, <a href="https://economia.estadao.com.br/noticias/geral,senado-aprova-projeto-que-suspende-prazos-contratuais-ate-outubro-aluguel-residencial-fica-de-fora,70003259159">reports</a> newspaper <em>Estadão</em>.</p> <p>In a statement to the press, the Brazilian Association of IT Companies (Assesspro), has celebrated the decision, considering that “Senator Tebet’s solution for the issue was positive and backs the importance of the LGPD.”</p> <p>The law, inspired by the European GDPR, is considered by Brazilian digital activists as an advance in data protection in Brazil. It establishes that Brazilian citizens own their data and companies and the government are responsible for handling it and keeping it safe. Non-compliance or breaches may lead to fines of up to 2 percent of a company’s revenue in Brazil, limited to BRL 50 million, plus daily fines.</p> <p>As we explained in our <a href="https://brazilian.report/podcast/2019/07/24/data-protection-changes-coming-your-way/">Explaining Brazil podcast</a>, small companies are the most vulnerable to this, as they lack the resources and <a href="https://brazilian.report/tech/2019/12/05/brazil-data-protection-law-health-data-market/">experience to deal with the regulations</a>, while international companies are already used to this kind of law abroad.&nbsp;</p> <div id="buzzsprout-player-1452826"></div> <script src="https://www.buzzsprout.com/299876/1452826-70-in-brazil-new-terms-and-conditions-will-apply.js?container_id=buzzsprout-player-1452826&amp;player=small" type="text/javascript" charset="utf-8"></script> <hr class="wp-block-separator"/> <p>This concern had been raised by lawmakers and businesspeople even before the outbreak of Covid-19. As lawyer Fernando Santiago <a href="https://www.conjur.com.br/2020-mar-31/fernando-santiago-alternativa-adiar-aplicacao-penalidades-lgpd#author">writes</a>, “even though companies and the public sector should have been well prepared for the LGPD five months before it came into force, those who support postponing it found a mighty ally. There is no denying that this crisis will impact the economy and the regular working of national and international companies.”</p> <p>In his view, postponing the punishment only could be a good way to find common ground between creating a data protection culture and the fears of companies, which he considers to be fair as the regulation from the National Data Protection Authority is yet to be implemented.&nbsp;</p> <h2>The risks of postponing data protection controls</h2> <p>For digital activists, postponing the LGPD brings about serious concerns in terms of data protection in Brazil, especially considering that several monitoring technologies are taking place amid the pandemic in an attempt to contain the virus.&nbsp;</p> <p>“If we consider the context of the pandemic and the growth of initiatives that aim to use personal data, this law becomes much more urgent to regulate eventual abuses in this data treatment,” said Bruna dos Santos, advocacy and policy analyst at NGO Coding Rights, to <strong>The Brazilian Report.</strong>&nbsp;</p> <p>As we explained<a href="https://brazilian.report/tech/2020/04/02/could-covid-19-cause-a-rise-in-government-surveillance-in-brazil/"> in our April 2 story</a>, Brazilian public authorities are already using monitoring technologies to curb public gatherings in cities such as Recife and São Paulo. While companies guarantee privacy will be respected, history shows that this pledge is more connected to how developed democracy is in a country, as similar tools have been used for political persecution in dictatorships.&nbsp;&nbsp;&nbsp;</p> <p>In Ms. dos Santos&#8217; view, Congress had already been understanding of companies’ needs by giving such a large period for adaptation. Moreover, the fact that sanctions will only be applied in August 2021 leave people even more unprotected, she says, “showing the unbalance of the relationship between Congress, individuals and treatment agents, as it prioritizes the ability of companies to adapt instead of protection for individuals.”