Breaking news: the Brazilian President Michel Temer issued yesterday and had published today the so-called “Provisory Measure” No. 869/2018 (Medida Provisória, a norm issued by the President alone, usually reserved for urgent and relevant matters) to amend the New Brazilian Data Privacy Law (Lei Geral de Proteção de Dados, “LGPD”). With this measure, the President created a National Data Protection Authority and determined that the LGPD shall enter into force 24 months – and not 18 months as the LGPD initially established – after its publication, which took place on 15 August 2018 (amendment to article 65 of the LGPD by the Provisory Measure).
More time
Companies now have until 16 August 2020 to become compliant with the LGPD – indeed a nice late Christmas present, considering the huge impact the new legislation will have on any company processing personal data of Brazilian individuals – that is, practically all Brazilian companies and a number of foreign companies doing business in Brazil. The LGPD is strongly based on the General Data Protection Regulation (“GDPR”) which entered into force on 25 May 2018 in Europe, and represents quite a revolution in the field of data protection in the Brazilian legal system, which so far consists of very sparse provisions.
National Data Protection Authority
According to the Provisory Measure, the National Data Protection Authority is an organ of the federal public administration, integrating the Executive. Articles 55-A to 55-K, 58-A and 58-B of the Provisory Measure No. 869/2018 contain detailed provisions regarding its composition, the mandate of its members and its attributions. The statutes of the authority shall be established by the President in a separate act.
A poisoned gift? It is true that the authority is the one competent to issue fines and take other enforcement actions. On the other hand, the European experience shows that data protection authorities have a very important role in providing clarity and guidance as to the interpretation of data protection provisions and how to implement them in practice. Perhaps this will be the same in Brazil.
Next chapters
The Provisory Measure shall now be appreciated by Legislative organs within 45 days. It is valid for 60 days, but its validity may be extended by another 60 days. Under certain circumstances a Provisory Measure may be reedited by the President. Issues regarding the (apparently inexistent) financial and administrative autonomy of the authority, as well as how it will function concretely, are still open and will certainly be the topic of discussions and criticism in the coming weeks and months.
This article was originally published on AllAboutIP – Mayer Brown’s blog on relevant developments in the fields of intellectual property and unfair competition law. For intellectual property-themed videos, Mayer Brown has launched a dedicated YouTube channel.