Brazil: President promulgates “key changes to the final version of the LGPD”

by | Feb 21, 2021 | Articles, Brazil, Digital, Technology

The President of the Federative Republic of Brazil, Jair Bolsonaro, promulgated, on 8 July 2019, Law No. 13.853 of 8 July 2019, Amending Law No. 13.709 of 14 August 2018 (‘LGPD’), to Provide for the Protection of Personal Data and for the Creation of the National Data Protection Authority (‘ANPD’), and Other Provisions (‘the Amending Law’). In particular, the Amending Law approves certain provisions introduced by Provisional Measure No. 869 of 27 December 2018, including the competences and the structure of the ANPD, among other things.

Luis Fernando Prado Chaves and Renato Gomes Malafaia, Partner and Attorney at Law at Daniel Law respectively, told OneTrust DataGuidance, “if we had to elect some of the main amendments to the original text, we would emphasise […] that unlike the General Data Protection Regulation (Regulation (EU) 2016/679), under the LGPD, […] all companies responsible for processing data (as controllers) have to appoint a data protection officer, at least until the ANPD regulates the exceptions. [In addition,] data subjects no longer have the right to request a human revision of decisions made strictly through automated proceedings […], subsequent processing of publicly accessible personal data may be carried out for new purposes, provided that these purposes are legitimate, specific, and observe the rights of data subjects, as well as the grounds and principles set forth in the LGPD […] Therefore, despite the absence of alteration in the backbone of the law […], there were some key changes to the final version of the LGPD […]”


            We expect the ANPD to act independently from any political power or beliefs


The Amending Law further provides the ANPD with the authority to, among other things, supervise and ensure compliance with the LGPD, receive and process complaints, perform audits, and issue sanctions for non-compliance. In addition, the Amending Law affects the processing of sensitive data for health purposes by making changes to the legal basis for the processing of such data between healthcare professionals and healthcare services.

Prado and Malafaia continued, “Despite being the new member of the Presidential Cabinet, we expect the ANPD to act independently from any political power or beliefs […] We should also highlight that by broadening the legal basis for health data […], both personal and sensitive data can be used during a procedure performed by healthcare professionals, authorities or services […] Nevertheless, the sharing of this kind of data for economical purposes would also be allowed if certain new (strict) conditions are met […] [To conclude,] the positive outcomes that the early adaptation to the LGPD’s provisions may provide are reputation increase, better management of compliance programmes, and market consolidation as just a few examples that justify, companies to rethink their business models and implemente the new principles and rules.”


The LGPD is now expected to enter into force on 16 August , 2020.



One Trust Data Guidance

Related Articles

Subscribe to our newsletter