The Data Privacy Law will apply, from August onwards, to companies, both national and international, that process data from Brazilian users....
On 14 August 2018, the Brazilian authorities had adopted their own DPMR, under the acronym "LGPD", for Lei Geral de Proteção de Dados, or General Data Protection Law. Directly inspired by the European regulation, the law should be supervised by a local authority whose independence is already contested. Google, which accounts for around 95% of internet searches in Brazil, is preparing to comply with the law.
The entry into force of the law could be postponed, and a not-so-independent local authority could be created.
The law, which will come into force on August 16, will not only apply to Brazilian companies, but will also impose obligations on foreign companies, as long as they have users located in the eternal country of the future. It is possible, however, that its application may be postponed. Discussions are indeed underway within the Brazilian government itself.
In parallel, Brazil is working on the creation of a Data Protection Authority (DPA), whose primary mission will be to provide recommendations on how to interpret and then apply the provisions of the DPA. And it will have its work cut out for it, as its dependence on the Brazilian government is not yet fully assured.
While it is as close as possible to the GDMP, the GDMP Act suffers from certain shortcomings, such as the absence of a requirement for a privacy impact analysis. The law is also not entirely clear on the review of a human decision that would be taken after an automated processing of personal data.
Google, which concentrates the majority of the world's internet traffic, is actively preparing to comply with Brazilian data privacy law. The Moutain View firm has already had to swallow the European General Data Protection Regulation (GDPR) and the California Consumer Data Protection Act (CCPA).
"Google's status under the DPA as data controller or processor for each product will be the same as under the DPA," the US giant warns, advising all web players to contact their legal counsel(s) "to determine how to comply with it (the DPA) and how to use the options we offer.