As previously reported, Brazilian lawmakers have been debating a delay to the LGPD, which was scheduled to come into effect August 15, 2020, in response to COVID-19. The Brazilian Senate first passed Bill 1,179/2020, and Brazil’s President later enacted Provisional Measure 959. On May 19, 2020, the Brazilian Congress sent to the President’s desk an amended Bill 1,179/2020 that would maintain the LGPD’s August 15, 2020 effective date but would delay administrative sanctions until August 1, 2021. However, if approved, the Final Bill would still allow the LGPD’s requirements to be enforced through other means.
On April 29, The Brazilian Federal Government issued an executive order, Provisional Measure, which would postpone the implementation of LGPD until May 3, 2021 if approved by Brazil’s legislature in the next couple of weeks.
In light of the pandemic crisis caused by the COVID-19, Brazilian Officials have sought to enact emergency measures to minimize its impact on regular business practices. One of the latest efforts is Bill 1,179/2020, which would, among other things, delay implementation of Brazil’s General Data Protection Law, or LGPD, until January 1, 2021 so as not to burden companies in the face of the enormous technical economic difficulties arising from the pandemic.
Although Brazil’s new General Data Privacy Law (LGPD) significantly expands Brazil’s data protection framework and places the country among one of the few jurisdictions to provide similar data privacy protections as those offered in the European Union, the new law did not create a data protection authority. On 28 December 2018, outgoing President Michel Temer signed Medida Provisória no. 869/18, a last-minute executive order that made important changes to the LGPD and most notably created the Brazilian National Data Protection Authority (ANPD).
The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection Regulation (“GDPR”) implemented in the European Union, the LGPD imposes strict regulations on the collection, use, processing, and storage of electronic and physical personal data. In conjunction with the passing of the LGPD, the National Data Protection Authority will be created in order to adequately implement the new legislation.