Brazil's Comprehensive Privacy Law Now In Effect
Published date | 01 October 2020 |
Subject Matter | Privacy, Data Protection, Privacy Protection |
Law Firm | Sheppard Mullin Richter & Hampton |
Author | Ms Julia K. Kadish and Liisa M. Thomas |
Following lots of legislative uncertainty, Brazil has now formally enacted the country's first general data protection law, Lei Geral de Proteç'o de Dados, or "LGPD." While administrative sanctions do not go into effect until August 1, 2021, individuals and public prosecutors can now bring claims for losses and damages. Indeed, at least one public civil action has already been filed. LGPD is the first comprehensive general data protection law in Latin America. It was modeled after the EU's GDPR. While there are many similarities LGPD does introduce new concepts. Below are some of the key elements to keep in mind.
- When does LGPD apply? Like GDPR, LGPD has extraterritorial effect. A company does not need to be based in Brazil or otherwise have any physical presence for the law to apply. Generally, LGPD applies when an organization does any of the following: (i) processes personal data in Brazil; (ii) processes personal data that was collected in Brazil; or (iii) processes personal data to offer goods or services in Brazil.
- Does LGPD provide rights to individuals? Yes While many of the rights are similar to those in GDPR, LGPD also introduces additional rights. In addition to GDPR-like rights of access, deletion, portability, LGPD also gives people a right to access information about those with whom an organization has shared the individual's data. It also calls for individual access to information on whether an organization holds particular data.
- What are the requirements for transferring data? Organizations may transfer personal data to other countries that provide an "adequate level of data protection." Brazil has not yet identified which countries it considers as providing an adequate level of protection. All other transfers require a valid legal transfer mechanism. While there are several available transfer methods, the two main ways organizations can transfer data include: (1)...
To continue reading
Request your trial