Google Prepares To Comply With Binding Brazilian Data Protection Law

The Data Privacy Law will apply, from August onwards, to companies, both national and international, that process data from Brazilian users.

On 14 August 2018, the Brazilian authorities had adopted their own DPMR, under the acronym "LGPD", for Lei Geral de Proteção de Dados, or General Data Protection Law. Directly inspired by the European regulation, the law should be supervised by a local authority whose independence is already contested. Google, which accounts for around 95% of internet searches in Brazil, is preparing to comply with the law.

The entry into force of the law could be postponed, and a not-so-independent local authority could be created.

The law, which will come into force on August 16, will not only apply to Brazilian companies, but will also impose obligations on foreign companies, as long as they have users located in the eternal country of the future. It is possible, however, that its application may be postponed. Discussions are indeed underway within the Brazilian government itself.

In parallel, Brazil is working on the creation of a Data Protection Authority (DPA), whose primary mission will be to provide recommendations on how to interpret and then apply the provisions of the DPA. And it will have its work cut out for it, as its dependence on the Brazilian government is not yet fully assured.

While it is as close as possible to the GDMP, the GDMP Act suffers from certain shortcomings, such as the absence of a requirement for a privacy impact analysis. The law is also not entirely clear on the review of a human decision that would be taken after an automated processing of personal data.

Google will update its terms of use in due course.

Google, which concentrates the majority of the world's internet traffic, is actively preparing to comply with Brazilian data privacy law. The Moutain View firm has already had to swallow the European General Data Protection Regulation (GDPR) and the California Consumer Data Protection Act (CCPA).

"Google's status under the DPA as data controller or processor for each product will be the same as under the DPA," the US giant warns, advising all web players to contact their legal counsel(s) "to determine how to comply with it (the DPA) and how to use the options we offer.

Google will update its terms of use accordingly, adding the conditions specific to the GPA. "The provisions of the Act will be incorporated into our existing data protection provisions," the company said. This means that users will not have to take any action to accept the provisions of the Data Protection Act as long as the existing data protection terms are already part of the contract with Google.

1 Commentaires

  1. It was a rhetorical post that did not ask for an answer ... of course there are exceptions to all rules, even basic ones, but they are far from representing the majority of the people and thus attracting their interest.


Publier un commentaire

Plus récents Plus ancienne