Through two different public consultations, launched on 5 and 16 August, Brazil’s National Data Protection Authority (ANPD) is seeking views on its 2023-2024 Regulatory Agenda and on the regulation establishing the DPA’s investigative and sanctioning powers.
Defining the Regulatory Agenda
Open from 5 to 31 August, the consultation will inform the authority’s regulatory priorities for 2023-2024. Last year’s strategic focus areas included: i) cross-border data transfer, ii) guidelines on calculating fines; and iii) best practice principles for processing data.
This year, the authority has proposed 15 topics (such as AI, biometric data, sharing of data by the government) which the public is requested to rank in order of relevance.
Gearing up the ANPD
This is the country’s latest effort to further regulate its privacy framework since the adoption of the General Data Protection Law (LGPD) in 2018.
The draft resolution seeks to consolidate ANPD’s investigation powers and further regulate the application of penalties set forth in the LGPD. The new piece of legislation guarantees legal certainty to all agents by providing publicity, predictability, transparency and efficiency to ANPD enforcement processes. public comments are required by 15 September.
Impact on Companies
The two consultations are an excellent opportunity for companies operating in Brazil to engage with the data protection authority and participate in the process of shaping the country’s regulatory guidelines. Moreover, given Brazil’s role as agenda setter in the Latin America region, it is likely that neighbouring countries may replicate these rules, especially now that Argentina has opened a consultation process to update its data protection law.
Access Partnership closely monitors all development regarding data protection regulation in the Latin America region. For more information, contact Paula Rabacov or Melissa González.
