Insights

BrazilAmpsUpEnforcementofDataProtectionLaw

Brazil Amps Up Enforcement of Data Protection Law

Actions in the last six months of the Brazilian National Data Protection Authority ("ANPD") suggest that it intends to aggressively enforce the Brazilian Data Protection Law ("LGPD"). The LGPD applies to any entity that processes personal data of individuals in Brazil regardless of whether the entity has operations in the country. Such entities must, therefore, actively implement data privacy compliance policies.  

Notable recent actions taken by the ANPD include: (i) promulgation of a regulation on the appointment of a data protection officer ("DPO") by data controllers, detailing a DPO's roles and responsibilities under the LGPD; (ii) enjoining the use by Meta Platforms Inc. of personal data from social media platforms for training artificial intelligence systems; (iii) promulgation of a regulation requiring disclosure of security incidents to affected individuals and the ANPD and a related order requiring public disclosure of data breaches by the National Social Security Institute; and (iv) promulgation of a regulation on international transfer of personal data, under the LGPD, and standard contractual clauses that can be implemented in connection with such transfers.

Read the White Paper.

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.