Access Alert | Brazil’s Upcoming Agenda for Tech and Privacy Regulation

Access Alert | Brazil’s Upcoming Agenda for Tech and Privacy Regulation

On 4 November, Brazil’s National Data Protection Authority (ANPD) launched its 2023-2024 Regulatory Agenda following a consultation process from August to September 2022.

The agenda, which provides greater transparency and efficiency regarding the Authority’s regulatory process, includes initiatives related to the application of administrative sanctions and the rights of personal data subjects.

Enhancing Brazil’s Privacy Framework

At its core, the document sets out twenty initiatives divided into four phases based on priority and with specific implementation timelines. The first phase includes regulatory processes that are already in progress, while activities in the other three phases will take up to eighteen months to take place. Key initiatives include:

  • Cross-border data transfer (phase 1): Regulate the criteria in the LGDP for the international transfer of personal data between jurisdictions with adequate levels of protection (Art. 33), the evaluation process by the ANPD (Art. 34), and the definition of the content of standard contractual clauses (Art. 35).
  • Incident reporting and notification (phase 1): Modify deadlines and reporting mechanisms in the event of security breaches or incidents.
  • Children’s personal data (phase 2): Analyse the impact of processing personal data and the impact of digital platforms and Internet games on the protection of children’s personal data.
  • Biometric data (phase 3): Promote ANPD regulation to guide the collection of sensitive data.
  • Artificial Intelligence (AI) (phase 3): Perform a study and develop guidelines on AI from a privacy perspective that can later serve as a baseline for other AI standards.

The ANPD’s plans for 2023 will be implemented under the country’s new government, led by President Luiz Inácio Lula da Silva. In terms of privacy and security laws, Brazil’s next head of state has emphasised the need to improve regulation and enhance capabilities for the processing and storage of personal data. This is in line with the ANPD’s regulatory agenda for the next two years and represents an opportunity for companies to engage with the country’s data protection authority and the application of the LGPD.

Lula’s Tech Agenda

More broadly, Lula’s tech policy priorities are: 1) continuing to ensure high-quality Internet access across the country; 2) creating new labour legislation targeting digital workers and platforms; 3) harnessing Brazil’s national technological capacity and innovation; 4) promoting scientific and technological research; and 5) creating an economic strategy by adopting emerging technologies such as AI, biotechnology, and nanotechnology.

What’s at stake for tech companies?

Privacy and personal data protection issues remain at the forefront of public debate across Latin America. From Argentina’s new data protection bill to Chile’s ongoing discussions to create a new Data Protection Agency and Peru’s recent approval of international data transfer guidelines, Latam countries are actively looking to enhance their data protection frameworks. Similarly, the Ibero-American Network of Data Protection’s (RIPD) recently published guidelines for cross-border personal data transfers through contractual clauses signal a first step towards establishing a harmonised regional framework for international data transfers.

Companies operating in Brazil will need to comply with these new changes and prepare for any complementary requirements to existing obligations under the LGDP established by the ANPD. Brazil is a regional trendsetter, and other countries in the region will likely replicate these rules, particularly as they continue to enhance their respective data protection frameworks.

Access Partnership closely monitors all development regarding privacy and data protection regulation in Latin America. For more information, contact Rodrigo Serrallonga and Paula Rabacov.

Related Articles

Access Alert: Saudi Arabia – Pioneering Sustainable Space Endeavours

Access Alert: Saudi Arabia – Pioneering Sustainable Space Endeavours

In an effort to showcase its focus on sustainable space exploration and utilisation, Saudi Arabia hosted the Space Debris Conference...

1 Mar 2024 Opinion
FinTech’s Role in SMEs and Inclusive Growth

FinTech’s Role in SMEs and Inclusive Growth

SMEs account for 90% of businesses and 50% of employment globally. However, limited financial access and regulatory complexities prevent these...

29 Feb 2024 Opinion
Tech Policy Trends 2024: Consumer protection – The next battleground for digital pioneers

Tech Policy Trends 2024: Consumer protection – The next battleground for digital pioneers

With technologies emerging and advancing at a rapid pace, tech players are under unprecedented scrutiny for how it impacts consumers’...

28 Feb 2024 Opinion
Access Alert: Advancing pan-African mobile roaming to unlock seamless connectivity and growth opportunities

Access Alert: Advancing pan-African mobile roaming to unlock seamless connectivity and growth opportunities

Digital transformation is accelerating in Africa, driven by the growing adoption of mobile services. According to the World Bank, sub-Saharan...

23 Feb 2024 Opinion