Movatterモバイル変換


[0]ホーム

URL:


Jump to content
WikipediaThe Free Encyclopedia
Search

General Personal Data Protection Law

From Wikipedia, the free encyclopedia
Brazilian regulation on the processing of personal data
General Personal Data Protection Law
National Congress of Brazil
  • Portuguese:Dispõe sobre a proteção de dados pessoais e altera a Lei nº 12.965, de 23 de abril de 2014 (Marco Civil da Internet)
    Diposes about personal data protection and makes changes to Law 12965 of April 23, 2014
CitationLaw No. 13.709 August 14, 2018
Territorial extentWorldwide
Passed byChamber of Deputies
PassedMay 29, 2018
Passed byFederal Senate
PassedJuly 10, 2018
Signed byMichel Temer,President of Brazil
SignedAugust 14, 2018
CommencedAugust 16, 2020
Administered byData Protection National Authority
Legislative history
First chamber:Chamber of Deputies
Bill titleLaw Project no. 4060/2012
Introduced byDep. Milton Monti (PL-SP)
IntroducedJune 13, 2012
First readingJune 28, 2012
Second readingMay 29, 2018
Third readingMay 29, 2018
Second chamber:Federal Senate
Bill titleChamber Law Project no. 53/2018
Received from theChamber of DeputiesJune 1, 2018
First readingJune 1, 2018
Second readingJuly 10, 2018
Status: In force

TheGeneral Personal Data Protection Law (Portuguese:Lei Geral de Proteção de Dados Pessoais, orLGPD;Lei 13709/2018), is astatutory law ondata protection andprivacy in theFederative Republic of Brazil.[1] The law's primary aim is to unify 40 different Brazilian laws that regulate the processing ofpersonal data.[2] The LGPD contains provisions and requirements related to the processing of personal data of individuals, where the data is of individuals located in Brazil, where the data is collected or processed in Brazil, or where the data is used to offer goods or services to individuals in Brazil.[3]

The LGPD became law on September 18, 2020, but its enforceability was backdated August 16, 2020.Sanctions under the regulation will only be applied from August 1, 2021.[4][5]

Thenational data protection authority responsible for enforcement of the LGPD is theAutoridade Nacional de Proteção de Dados, or ANPD.[6]

Contents

[edit]

The LGPD contains sixty-five articles and defines new legal concepts in Brazilian law, such aspersonal data andsensitive personal data. The law sets out the rights of the subjects of personal data, and under what conditions that data can be collected, processed, stored, and shared. It also specifies the obligations of the entity processing that data, and the exceptions to the law.[7]

InArticle 18, the LGPD allows the data subject right to do the following:[8][9]

  1. To confirm that their personal data is being processed.
  2. To access their personal data.
  3. To correct incomplete, incorrect or out-of-date personal data.
  4. To anonymise, block, or delete any unnecessary, excessive, or non-compliant personal data.
  5. To request that a data controller moves their personal data to another service or product provider.
  6. To delete their personal data.
  7. To be given information about how their personal data has been shared.
  8. To be given information about their rights to not give consent to process their personal data.
  9. To withdraw consent to process their personal data.

Article 7 describes the conditions under which personal data may be processed:[5][9]

  1. With the data subject's consent.
  2. To comply with the data controller's legal or regulatory responsibilities.
  3. For public administration and carrying out public policies set out in law, regulation, or in contracts.
  4. For research studies (anonymised where possible).
  5. To carry out a contract.
  6. To exerciseBrazilian law.
  7. To protect life or personal safety.
  8. By healthcare or sanitation professionals, to safeguard a person's health.
  9. For the legitimate interest of the data controller or a third party, unless that would infringe upon the data subject's statutory rights.
  10. To protect credit ratings.

Enforcement

[edit]

Article 48 of the LGPD states that the data controller must inform the national data protection authority and the data subject, if a security incident occurs that may result in relevant damage or risk, in a reasonable time period (as defined by ANPD).[9]

Article 52 states that the maximum fine for breaching LGPD is two percent of a private company's revenue in Brazil, up to a maximum of 50 millionreais.[2]

Comparison with GDPR

[edit]

The process of combining separate data protection laws in to one was inspired by theEU'sGeneral Data Protection Regulation, which was adopted on April 14, 2016. The LGPD and the GDPR have similar definitions of personal data and essentially the same data subject rights. The regulations differ on the legal basis for processing data, where the LGPD additionally includes carrying out research studies and protectingcredit ratings. Additionally, the LGPD does not specify a time period in which data breaches must be reported and the penalties for breaching the LGPD are lower than that for GDPR.[2][10]

Timeline

[edit]

In 2015, the Brazilian Government issued the Preliminary Draft Bill for the Protection of Personal Data and submitted it to public consultation, before being sent to Congress for discussion and vote.[11]

On August 14, 2018, the Brazilian National Congress first passed the General Personal Data Protection Law.[12]

On December 28, 2018Michel Temer issuedprovisional measure 869 that amended the LGPD to include the creation of a national data protection authority responsible for enforcement of the law calledAutoridade Nacional de Proteção de Dados (ANPD).[13]

On April 29, 2020, PresidentJair Bolsonaro issued Provisional Measure 959 that postponed the effective date of the LGPD to May 3, 2021. On August 26, 2020, TheChamber of Deputies, Brazil'slower house, amended the measure to make the LGPD take effect on December 31, 2020. TheFederal Senate, Brazil'supper house then decided that any postponement was void because the effective date had already been decided by congress.[10] The LGPD passed in the Senate on September 16, 2020, and was sent to Jair Bolsonaro to sign into law on September 17, 2020. The LGPD became law on September 18, 2020, and its enforceability was backdated August 16, 2020. Sanctions under the regulation were to only be applied from August 2021.[4][5]

See also

[edit]
  • Habeas data, a constitutional remedy in the Brazilian constitution

References

[edit]
  1. ^13709/2018
  2. ^abc"What is the LGPD? Brazil's version of the GDPR".gdpr.eu. 31 July 2019. RetrievedDecember 23, 2020.
  3. ^"Data Protection Laws of the World".dlapiperdataprotection.com. RetrievedDecember 23, 2020.
  4. ^ab"In rapid-fire reversal, Brazil effectuates privacy law immediately".iapp.org. RetrievedDecember 23, 2020.
  5. ^abc"Data Protected - Brazil".linklaters.com. RetrievedDecember 23, 2020.
  6. ^Alonzo Martinez (September 4, 2020)."Brazil's New Data Protection Law Moves Forward Without Warning – Employers Race To Comply".forbes.com.
  7. ^"Brazil: Data Protection Laws and Regulations 2020".iclg.com. July 6, 2020.
  8. ^"An overview of Brazil's LGPD".iapp.org. RetrievedDecember 23, 2020.
  9. ^abc"Brazilian General Data Protection Law (LGPD, English translation)".iapp.org. RetrievedDecember 23, 2020.
  10. ^ab"Brazil's General Data Protection Law: A Comparison Between Brazil's Newly Effective Law and the GDPR".iapp.org. September 21, 2020.
  11. ^"Privacy and Data Protection in Brazil".Journal of Law & Cyber Warfare.5 (2):225–234. 2017.JSTOR 26441275. RetrievedMarch 16, 2021.
  12. ^"Brazilian Government Makes the LGPD Effective Imminently".The National Law Review. September 10, 2020.
  13. ^"Brazil's Temer creates data protection agency - official gazette". Reuters. December 28, 2018. Archived fromthe original on December 28, 2018.

External links

[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=General_Personal_Data_Protection_Law&oldid=1328284711"
Categories:
Hidden categories:

[8]ページ先頭

©2009-2026 Movatter.jp