HOME

TheInfoList



Click Here for Items Related To - General Personal Data Protection Law
OR:
General Personal Data Protection Law on:   [Wikipedia]   [Google]   [Amazon]

The General Personal Data Protection Law (, or LGPD; Lei 13709/2018), is a
statutory law A statute is a law or formal written enactment of a legislature. Statutes typically declare, command or prohibit something. Statutes are distinguished from court law and unwritten law (also known as common law) in that they are the expressed wi ...
on
data protection Data protection may refer to: * Information privacy, also known as data privacy * Data security {{Authority control ...
and
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
in the
Federative Republic of Brazil Brazil, officially the Federative Republic of Brazil, is the largest country in South America. It is the world's List of countries and dependencies by area, fifth-largest country by area and the List of countries and dependencies by population ...
. The law's primary aim is to unify 40 different Brazilian laws that regulate the processing of
personal data Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely used in the United States, but the phrase it abbreviates has fou ...
. The LGPD contains provisions and requirements related to the processing of personal data of individuals, where the data is of individuals located in Brazil, where the data is collected or processed in Brazil, or where the data is used to offer goods or services to individuals in Brazil. The LGPD became law on September 18, 2020, but its enforceability was backdated August 16, 2020. Sanctions under the regulation will only be applied from August 1, 2021. The national data protection authority responsible for enforcement of the LGPD is the , or ANPD.


Contents

The LGPD contains sixty-five articles and defines new legal concepts in Brazilian law, such as ''personal data'' and ''sensitive personal data''. The law sets out the rights of the subjects of personal data, and under what conditions that data can be collected, processed, stored, and shared. It also specifies the obligations of the entity processing that data, and the exceptions to the law. In Article 18, the LGPD allows the data subject right to do the following: # To confirm that their personal data is being processed. # To access their personal data. # To correct incomplete, incorrect or out-of-date personal data. # To anonymise, block, or delete any unnecessary, excessive, or non-compliant personal data. # To request that a data controller moves their personal data to another service or product provider. # To delete their personal data. # To be given information about how their personal data has been shared. # To be given information about their rights to not give consent to process their personal data. # To withdraw consent to process their personal data. Article 7 describes the conditions under which personal data may be processed: # With the data subject's consent. # To comply with the data controller's legal or regulatory responsibilities. # For public administration and carrying out public policies set out in law, regulation, or in contracts. # For research studies (anonymised where possible). # To carry out a contract. # To exercise Brazilian law. # To protect life or personal safety. # By healthcare or sanitation professionals, to safeguard a person's health. # For the legitimate interest of the data controller or a third party, unless that would infringe upon the data subject's statutory rights. # To protect credit ratings.


Enforcement

Article 48 of the LGPD states that the data controller must inform the national data protection authority and the data subject, if a security incident occurs that may result in relevant damage or risk, in a reasonable time period (as defined by ANPD). Article 52 states that the maximum fine for breaching LGPD is two percent of a private company's revenue in Brazil, up to a maximum of 50 million reais.


Comparison with GDPR

The process of combining separate data protection laws in to one was inspired by the EU's
General Data Protection Regulation The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
, which was adopted on April 14, 2016. The LGPD and the GDPR have similar definitions of personal data and essentially the same data subject rights. The regulations differ on the legal basis for processing data, where the LGPD additionally includes carrying out research studies and protecting
credit rating A credit rating is an evaluation of the credit risk of a prospective debtor (an individual, a business, company or a government). It is the practice of predicting or forecasting the ability of a supposed debtor to pay back the debt or default. The ...
s. Additionally, the LGPD does not specify a time period in which data breaches must be reported and the penalties for breaching the LGPD are lower than that for GDPR.


Timeline

In 2015, the Brazilian Government issued the Preliminary Draft Bill for the Protection of Personal Data and submitted it to public consultation, before being sent to Congress for discussion and vote. On August 14, 2018, the Brazilian National Congress first passed the General Personal Data Protection Law. On December 28, 2018
Michel Temer Michel Miguel Elias Temer Lulia (; born 23 September 1940) is a Brazilian politician, lawyer and writer who served as the 37th president of Brazil from 31 August 2016 to 1 January 2019. He took office after the Impeachment of Dilma Rousseff, impe ...
issued
provisional measure A provisional measure () is a legal act in Brazil through which the President of Brazil can, "in important and urgent cases", enact law Law is a set of rules that are created and are enforceable by social or governmental institutions t ...
869 that amended the LGPD to include the creation of a national data protection authority responsible for enforcement of the law called (ANPD). On April 29, 2020, President
Jair Bolsonaro Jair Messias Bolsonaro (; born 21 March 1955) is a Brazilian politician and former military officer who served as the 38th president of Brazil from 2019 to 2023. He previously served as a member of Brazil's Chamber of Deputies (Brazil), Chamb ...
issued Provisional Measure 959 that postponed the effective date of the LGPD to May 3, 2021. On August 26, 2020, The
Chamber of Deputies The chamber of deputies is the lower house in many bicameral legislatures and the sole house in some unicameral legislatures. Description Historically, French Chamber of Deputies was the lower house of the French Parliament during the Bourb ...
, Brazil's
lower house A lower house is the lower chamber of a bicameral legislature, where the other chamber is the upper house. Although styled as "below" the upper house, in many legislatures worldwide, the lower house has come to wield more power or otherwise e ...
, amended the measure to make the LGPD take effect on December 31, 2020. The Federal Senate, Brazil's
upper house An upper house is one of two Legislative chamber, chambers of a bicameralism, bicameral legislature, the other chamber being the lower house. The house formally designated as the upper house is usually smaller and often has more restricted p ...
then decided that any postponement was void because the effective date had already been decided by congress. The LGPD passed in the Senate on September 16, 2020, and was sent to Jair Bolsonaro to sign into law on September 17, 2020. The LGPD became law on September 18, 2020, and its enforceability was backdated August 16, 2020. Sanctions under the regulation were to only be applied from August 2021.


See also

*''
Habeas data ''Habeas data'' is a writ and constitutional remedy available in certain nations. The literal translation from Latin of ''habeas data'' is " e commandyou have the data," or "you he data subjecthave the data." The remedy varies from country to co ...
'', a constitutional remedy in the Brazilian constitution


References

{{reflist


External links


Brazilian General Data Protection Law (LGPD, English translation)

Brazilian General Data Protection Law (LGPD, English translation with navigation links)
Brazilian legislation Law of Brazil Data laws Data laws of the Americas Privacy legislation Internet privacy legislation