Access Alert | Brazil’s Upcoming Agenda for Tech and Privacy Regulation

Access Alert | Brazil’s Upcoming Agenda for Tech and Privacy Regulation

On 4 November, Brazil’s National Data Protection Authority (ANPD) launched its 2023-2024 Regulatory Agenda following a consultation process from August to September 2022.

The agenda, which provides greater transparency and efficiency regarding the Authority’s regulatory process, includes initiatives related to the application of administrative sanctions and the rights of personal data subjects.

Enhancing Brazil’s Privacy Framework

At its core, the document sets out twenty initiatives divided into four phases based on priority and with specific implementation timelines. The first phase includes regulatory processes that are already in progress, while activities in the other three phases will take up to eighteen months to take place. Key initiatives include:

  • Cross-border data transfer (phase 1): Regulate the criteria in the LGDP for the international transfer of personal data between jurisdictions with adequate levels of protection (Art. 33), the evaluation process by the ANPD (Art. 34), and the definition of the content of standard contractual clauses (Art. 35).
  • Incident reporting and notification (phase 1): Modify deadlines and reporting mechanisms in the event of security breaches or incidents.
  • Children’s personal data (phase 2): Analyse the impact of processing personal data and the impact of digital platforms and Internet games on the protection of children’s personal data.
  • Biometric data (phase 3): Promote ANPD regulation to guide the collection of sensitive data.
  • Artificial Intelligence (AI) (phase 3): Perform a study and develop guidelines on AI from a privacy perspective that can later serve as a baseline for other AI standards.

The ANPD’s plans for 2023 will be implemented under the country’s new government, led by President Luiz Inácio Lula da Silva. In terms of privacy and security laws, Brazil’s next head of state has emphasised the need to improve regulation and enhance capabilities for the processing and storage of personal data. This is in line with the ANPD’s regulatory agenda for the next two years and represents an opportunity for companies to engage with the country’s data protection authority and the application of the LGPD.

Lula’s Tech Agenda

More broadly, Lula’s tech policy priorities are: 1) continuing to ensure high-quality Internet access across the country; 2) creating new labour legislation targeting digital workers and platforms; 3) harnessing Brazil’s national technological capacity and innovation; 4) promoting scientific and technological research; and 5) creating an economic strategy by adopting emerging technologies such as AI, biotechnology, and nanotechnology.

What’s at stake for tech companies?

Privacy and personal data protection issues remain at the forefront of public debate across Latin America. From Argentina’s new data protection bill to Chile’s ongoing discussions to create a new Data Protection Agency and Peru’s recent approval of international data transfer guidelines, Latam countries are actively looking to enhance their data protection frameworks. Similarly, the Ibero-American Network of Data Protection’s (RIPD) recently published guidelines for cross-border personal data transfers through contractual clauses signal a first step towards establishing a harmonised regional framework for international data transfers.

Companies operating in Brazil will need to comply with these new changes and prepare for any complementary requirements to existing obligations under the LGDP established by the ANPD. Brazil is a regional trendsetter, and other countries in the region will likely replicate these rules, particularly as they continue to enhance their respective data protection frameworks.

Access Partnership closely monitors all development regarding privacy and data protection regulation in Latin America. For more information, contact Rodrigo Serrallonga and Paula Rabacov.

Related Articles

The need for more accurate geographical coordinates for earth stations in SpaceCap

The need for more accurate geographical coordinates for earth stations in SpaceCap

The International Telecommunication Union (ITU) Radiocommunication Sector (ITU-R)  plays an important role in the global management of the radio-frequency spectrum...

3 Oct 2024 Opinion
Access Alert: A new era of global governance – the Pact for the Future

Access Alert: A new era of global governance – the Pact for the Future

On 22 September, the United Nations adopted the Pact for the Future at the Summit of the Future in New...

24 Sep 2024 Opinion
The future of trust: Why AI governance and regulation are crucial in the age of deepfakes

The future of trust: Why AI governance and regulation are crucial in the age of deepfakes

In 2024, a milestone in AI development was reached with Elon Musk’s Grok platform, which enables the production of photorealistic...

23 Sep 2024 Opinion
Empowering mobility through technology: Moto-hailing for safer and more equitable Latin American communities

Empowering mobility through technology: Moto-hailing for safer and more equitable Latin American communities

Mobility allows individuals to safely gain access to a spectrum of economic opportunities by enabling them to connect with job...

19 Sep 2024 Reports