Brazil set to enforce personal data protection as a basic right. In Brazil, personal data protection will become a fundamental right. The Senate has passed a constitutional change that includes data on internet sites.
The Brazilian Senate has approved a constitutional amendment that adds personal data privacy to the list of citizens’ basic rights and protections. The measures, which will be passed by Congress since constitutional modifications do not require presidential approval, also encompass data available through digital media. The amendment received no votes against it.
The proposal states that the federal government is solely responsible for the organization and oversight of personal data protection and processing, as well as having exclusive jurisdiction over personal data protection and processing legislation. More so, the amendment makes personal data protection an immutable element of the Brazilian Constitution, implying that any future changes must strive to enhance, improve, and maintain citizen data privacy rights.
Senators examined the law for the first time in 2019, when prosecutors involved in an anti-corruption probe and government officials, including President Jair Bolsonaro, had their Telegram accounts hacked. Senator Simone Tebet, the bill’s rapporteur, claims that the proposal incorporates the principles of the General Data Protection Regulations (LGPD) into the Constitution. LGPD, which went into effect in September 2020, governs the processing of personal data by people, public and commercial entities in Brazil, across all media, including digital media, with the objective of protecting data subjects’ privacy.
The Lei Geral de Proteço de Dados Pessoais (LGPD) is Brazil’s General Data Protection Law. The LGPD, like other data privacy laws before it, lays forth the legal requirements for collecting, processing, handling, securing, and destroying personal data. The LGPD also establishes nine essential rights for data subjects, giving them more control over their data and how it is used, as well as consequences for breaking the law. Brazil used to have over 40 distinct personal data regulations, but the LGPD has streamlined and combined them into a single legal framework.
How does it compare to past data privacy legislation, such as the General Data Protection Regulation (GDPR)?
The EU’s General Data Protection Regulation, or GDPR, took effect in May 2016 and has far-reaching implications. Because the legislation applies to all EU citizens and residents’ personal data, it applies to any firm that processes such data, regardless of whether it is headquartered in the EU or not. (However, the precise borders are obviously hazy.) The LGPD follows the same policy: any business or organization that processes personal data of Brazilian citizens is subject to the LGPD’s laws.
When compared to previous data privacy legislation, the LGPD has its own set of rules, regulations, and punishments. However, if a company has already worked to comply with the GDPR, it will be in a good position to comply with the LGPD as well.
Sanctions related to data privacy legislation went into effect in August 2021, with fines ranging from 1% to 2% of a company’s annual revenue in situations of non-compliance. The board members of the National Data Protection Authority (ANPD), which is responsible for implementing the legislation, were selected in October 2020, and the body unveiled its plan in February 2021.
The ANPD published its regulatory strategy for 2021-2023 and work plan for 2021-2022 on January 28, 2021, the internationally recognized Data Privacy Day, which firstly, establishes the ANPD’s three main objectives in its initial years as a data protection regulator, and secondly, establishes the ANPD’s immediate priorities and areas of focus.
Vital topics such as the ANPD’s enforcement and fines/penalties calculation, notification of data breaches to the ANPD and data subjects, data protection impact assessments (DPIAs), the ANPD’s bylaws, and the protection of personal data and privacy of small and medium-sized enterprises, startups, and individuals who process personal data for economic purposes are already being addressed in 2021.
Brazilians are concerned about the security of their data, according to a poll conducted by Datafolha Institute on behalf of MasterCard: 92 percent of digital service customers are aware that corporations keep their customers’ information to some extent. However, the average score given to how safe respondents believe their information is in digital contexts is 5.1 on a scale of 1 to 10, with 10 being extremely secure.
SHARE THIS: Brazil set to enforce personal data privacy as a basic right.