Last November, the Brazilian Data Protection Authority (ANPD) released its Regulatory Agenda for the 2023-2024, setting out its priority of issues for this coming period. Below we take a look at some of the most awaited issues, as well as setting out the full list of actions on the Authorities agenda for this Biennium.
Administrative sanctions
Among the most topical issues on the agenda is the expected regulation and guidance on the application of administrative sanctions, which is a function allocated to the authority under Brazil’s data protection law (LGPD).
In particular, it is expected that the Authority will provide information and guidance on how administrative sanctions should be applied to violations of the law, as well as criteria for calculation of such fines.
Children’s rights
Another key topic is the processing of data belonging to children and adolescents.
The ANPD has already provided a preliminary study in this area, which addressed, for example, the need to consider the potential impact of online platforms and games on the rights of children and adolescents.
The ANPD’s agenda for 2023/2024
Overall, there are 20 Actions set out in the agenda, relating to the following topics:
1. Regulation of dosimetry and application of administrative sanctions;
2. Rights of holders of personal data;
3. Incident reporting and notification deadline specification;
4. International transfers of personal data;
5. Data protection impact reports;
6. Data Protection Officers:
7. Legal justifications for the processing of personal data;
8. Definitions of high risk and large scale;
9. Sensitive personal data – religious organizations;
10. Use of personal data for academic purposes and for carrying out studies by research bodies;
11. Anonymization and pseudonymization;
12. Regulation of the provisions of Article 62 of the LGPD (the regulation of data processing by the Union);
13. Data sharing by the Government;
14. Processing of personal data of children and adolescents;
15. Guidelines for the national policy on the protection of personal data and privacy;
16. Regulation of criteria for recognition and disclosure of good practice and governance rules;
17. Sensitive personal data – biometric data;
18. Security, technical and administrative measures (including minimum technical security standards;
19. Artificial intelligence;
20. Conduct Adjustment Terms (TAC).
Get in touch with us!
If you would like to know more about the ANPD’s agenda and how the topics could affect your business in Brazil, just get in touch with our experts. We will be glad to answer your questions.