Privacy & Information Security Law Blog

On August 20, 2020, Secretary-General of the Presidency of the Republic, Jorge Antônio de Oliveira Francisco, announced that the administrative decree to create the new Brazilian data protection authority (the Autoridade Nacional de Proteção de Dados, or “ANPD”) is ready and may be published at any time, after final technical adjustments are made. The Secretary-General made this statement during his remarks at the webinar “The ANPD: from the letter of law to the practice,” jointly organized by the Centre for Information Policy Leadership (“CIPL”) and the Centro de Estudos de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público (“CEDIS-IDP”) and hosted by the news channel JOTA.

This timely announcement comes as the Brazilian Congress is due to vote on the Provisional Measure 959/2020 by August 27, 2020. As we previously reported, this Provisional Measure temporarily delays the applicability of the new Brazilian data protection law (Lei Geral da Proteção de Dados, or “LGPD”) to May 2021. Congressman Orlando Silva announced that the Congress might vote on the Provisional Measure on August 25, 2020.

The Congressman also highlighted that a recent paper co-authored by CIPL and CEDIS-IDP provides a model for the establishment of the ANPD that goes beyond the LGPD by laying out practical aspects for establishing the ANPD.

During the webinar, Eduardo Bertoni, Director of the Argentinian Access to Public Information Agency, and Nelson Remolina, Deputy Superintendent for Data Protection of the Colombian Superintendency of Industry and Commerce, highlighted the importance of the ANPD being independent and autonomous. Congressman Orlando Silva reminded participants that it is important that Brazil complies with data protection requirements, including by having an independent data protection authority, in order to become a member of the Organisation for Economic Co-operation and Development.

During the webinar, experts also suggested that the LGPD can be effective only with an established ANPD to provide interpretation and guidance to public and private sector organizations. Lawyer and representative of the industry association Brasscom, Ana Paula Bialer, said that one of the biggest challenges for LGPD implementation by organizations has been the interpretation of the new rules, in particular where they conflict with rules and regulations of other sectors, such as telecommunications. Miriam Wimmer, Director of Telecommunications Services at the Brazilian Ministry of Science, Technology, Innovation & Communications, highlighted that the ANPD will need to work collaboratively with other regulators and government bodies.

CIPL President, Bojana Bellamy, and Director of CEDIS-IDP, Laura Schertel Mendes, emphasized that the ANPD must be established immediately. They highlighted that it should focus on engagement with public and private sector organizations by listening to them, understanding the market context, providing guidance, interpreting the LGPD and acknowledging examples of best-practice compliance programs.

Read the full paper “The Role of the Brazilian Data Protection Authority (ANPD) under Brazil’s New Data Protection Law (LGPD),” available both in English and Portuguese.