Brazil’s Comprehensive Privacy Law Now in Effect


Following lots of legislative uncertainty, Brazil has now formally enacted the country’s first general data protection law, Lei Geral de Proteção de Dados, or “LGPD.” While administrative sanctions do not go into effect until August 1, 2021, individuals and public prosecutors can now bring claims for losses and damages. Indeed, at least one public civil action has already been filed. LGPD is the first comprehensive general data protection law in Latin America. It was modeled after the EU’s GDPR. While there are many similarities, LGPD does introduce new concepts. Below are some of the key elements to keep in mind.

Putting it Into Practice. Many questions remain open as to the interpretation and enforcement of this law. Brazil’s National Data Protection Authority (ANPD), the administrative agency tasked with enforcing administrative sanctions and issuing regulations under the LGPD, has not yet been established. In the meantime, organizations can begin reviewing their global privacy programs to assess any gaps in compliance. They may want to focus on, among other things, the differences between current rights processes and the rights anticipated under LGPD.


Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
National Law Review, Volumess X, Number 273