Tag: Data Protection

Brazilian Data Protection Authority (ANPD) issues new international data transfer regulation

The International Data Transfer Regulation, published in August 2024 by the Brazilian Data Protection Authority (ANPD), has brought significant changes to companies that transfer personal data abroad. The new regulation outlines several mechanisms to authorize cross-border data transfers under the Brazilian Data Protection Law (LGPD), including adequacy decisions, standard contractual clauses, among others. The ANPD […]

Public Civil Actions in data privacy breaches

Class actions are used in various jurisdictions as a key mechanism for the protection of collective rights. The Brazilian legal action that most closely resembles class actions in the USA is the Public Civil Action (ACP), which has served over the years as the primary tool for protecting personal data in Brazil. Before the LGPD […]

Partner Simone Lahorgue Nunes speaks at the IBA Annual Conference in Mexico City

Our partner Simone Lahorgue Nunes will be speaking at the IBA Annual Conference taking place this month, in Mexico City. On Monday, 16th, she will be moderating a roundtable discussion on AI and copyright with Herman Croux and Gregor Bühler, and on Wednesday, 18th, she will participate in the panel “Data Breach and Privacy: Are Class Actions […]

Processing of personal data for public security purposes

The processing of personal data for public security purposes triggers the application of various provisions outlined in the Brazilian Data Protection Law (“LGPD”). Analogous to the European General Data Protection Regulation (“GDPR”), the LGPD excludes the processing of personal data for specific purposes, wherein public interest is pronounced, from its purview. These include national defense, […]

Controllers’ liability in cases of personal data breaches

The Superior Court of Justice (“STJ”, together with the Supreme Court, the two highest Brazilian courts) issued a decision last March restricting the controllers’ liability related to personal data breaches.   A claim seeking compensation for moral damages was filed by a consumer against a Brazilian power utility company due to a leakage of personal data, […]

Brazilian Data Protection Authority’s (ANPD) first penalty for non-compliance with the Brazilian General Data Protection Law (LGPD)

Last July 6th, the ANPD ruled the first case of LGPD violation. The wrongdoer, which is a microenterprise, was fined in the amount of BRL 14,400 for offering to political candidates a database with voters’ personal data (including name, telephone number and address). According to the decision, the Brazilian company was processing personal data with no legal […]

The role of the Brazilian Data Protection Authority in cross-border data transfers

After a turbulent legislative process, the Brazilian Data Protection Authority (ANPD) was finally created in July 2019. However, the watchdog was unusually designed as a transitory unit within the current structure of the Presidency of the Republic with no specific workforce or budget. Within two years it may be converted into a special authority, such […]

Internal Investigations and the New Brazilian General Data Protection Law

As a result of the widespread investigation and sanctioning of corruption practices over the past few years, companies doing business in Brazil have increasingly adopted rigorous compliance policies. Some aspects of Brazil’s recently approved General Data Protection Law (LGPD) are believed to hinder internal investigations that are typically part of such compliance initiatives. This article discusses why […]

The Brazilian Data Protection Legal Framework

  Introduction On August 14, 2018, Law No. 13,709 (LGPD – Lei Geral de Proteção de Dados) was enacted, creating a personal data protection legal framework in Brazil. The LGPD is influenced by the EU General Data Protection Regulation (GDPR); individuals, private entities and public authorities are affected by its provisions. Brazil now integrates a group […]