Insight

Recent Developments on Privacy and Data Protection in Brazil

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Privacy and Data Protection Brazil
RS

Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

August 31, 2017 03:10 PM

Privacy is one of the basic rights guaranteed by the Brazilian Constitution and one of the principles for Internet governance in Brazil. It is also a theme of heated debates because it involves a series of challenging issues in the context of a digital economy, such as technological innovation, respect for human rights, freedom, and democracy.

With the advent of technologies able to massively collect personal data, it’s worrisome that Brazilian organizations, whether public or private, have not yet raised the flag of privacy. An example of this was the cooperation agreement signed in 2013 that was later repealed between the Superior Electoral Court with the Credit Report Entity (SPC Serasa) in order to disclose personal data of about 141 million Brazilian voters. More recently, several court orders determined the WhatsApp blockages as a penalty for not complying with court orders enforcing the disclosure of content messages protected by encryption.

A change of paradigm is urgent and requires robust legislation on personal data protection.

Currently, the Brazilian legal system has several sectorial laws that ensure the inviolability of intimacy and privacy of Brazilian citizens, in accordance with the Brazilian Constitution, the Civil Code, and the Consumer Protection Code.
The Law 12,965/2014 (known as the Internet Bill of Rights or Marco Civil da Internet) was enacted to establish principles and rules for ensuring privacy and data protection on the use of the Internet in Brazil. The decree 8,771/2016, which regulates the law, established guidelines on security standards to be adopted in the retaining, storage, and processing of personal data and private communications, including the use of encryption.

However, Brazilian legislation currently in force is not adequate enough to provide legal certainty on the processing of personal data by public and private entities. The Internet Bill of Rights is a great step toward the implementation of the right to privacy on the Internet, but it does not assure data protection as a whole. Firstly, it is applied only to “Internet connection providers” and “Internet application providers” and does not encompass several important issues, such as the processing of sensitive data, interconnection, and transfer of personal data.

In turn, the Bill of Law 5,276/2016, which is being discussed in the National Congress, aims at solving this lack of legal certainty in the current context, in which personal data is being collected from the massive use of disruptive technologies. According to the Bill of Law, personal data processing activities shall comply with several principles, such as purpose, transparency, security, free access by the data owner, prevention of damages, and non-discrimination.
The consent is one of nine requirements to authorize the processing of personal data. The Bill of Law expressly provides that personal data processing is allowed under free, express, specific, and informed consent. However, certain flexibility is allowed in cases when it is necessary: (i) compliance with legal obligation; (ii) data sharing between governmental entities; (iii) historical, scientific, and statistic research; (iv) execution of contracts, as requested by the data owner; (v) use in judicial or administrative proceeding; (vi) life protection; and (vii) to fulfill legitimate interest of those responsible for processing the data. Such flexibility, however, does not stop the individual from controlling her/his personal data.

The bill also provides special rules on sensitive personal data processing, which can only take place under special consent, or without consent in certain circumstances, such as fulfillment of legal obligation.
International transfer of data is only allowed by the Bill of Law for countries that provide a level of protection for personal data that is equivalent to the level established in Brazilian law. If the personal data is transferred to a country that does not provide a level of protection, special consent is required.

Security measures and good practices are also required by the bill, and individuals and companies shall be subject to the administrative penalties for any breaches of the standards established in the law, which may be applied by an enforcement authority for data protection to be created through the Brazilian government.

In view of this and despite the fact that there is no expectation as to when the Bill of Law will be approved, Brazilian and foreign companies that process personal data must attempt to implement policies on privacy and personal data protection, and ultima ratio be compromised with a transparent corporate governance. This is a sine qua non condition for the sustainable development of disruptive technologies such as the Internet of Things and artificial intelligence.

Related Articles

Privacy Practice


by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws

The Future of Data Privacy: You Can Run but You Can’t Hide (or Can You?)


by Chad W. King

In Ernest Cline’s dystopian novel "Ready Player One," the world’s population is addicted to a virtual reality game called the OASIS.

The Future of Data Privacy

My Data My Rules: An Overview of Data Protection in Brazil


by Fábio Pereira

My Data My Rules

Connecticut Attorney General Releases Status Update on Data Privacy Act


by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Current State of EU to U.S. Data Transfers


by Gregory Sirico

The Biden Administration and European Commission recently came to a principle political agreement concerning the ever-changing future of EU to U.S. data transfers.

New Framework for EU and U.S. Data Transfers

Announcing the 7th Annual Women in the Law Publication


by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Honoring Female Lawyers in the United States

New England States With Incoming Legislation


by Gregory Sirico

Best Lawyers takes an in depth look at newly proposed bills, litigation and cases coming out of four New England states.

New England Laws Taking Effect in 2022

Biometric Privacy: It’s Not Just an Illinois Issue


by Kenn Brotman and Molly K. McGinley

How BIPA Litigation May Impact Companies Outside of Illinois

Blue fingerprint that's reflective with black background

A Sea Change on Land


by Suneel Gupta and Linda A. Klein

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Legal Considerations for Autonomous Vehicles

A Startup Accelerator Program Sets Cuatrecasas Apart


by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

How Do I Protect My Child From Online Predators?


by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

What COPPA Means for Your Child

Supreme Court Decision Will Play Important Role in Shaping Defendant Privacy Rights


by Gus Kostopoulos

The primary question will likely come down to whether or not cell phone data and location records are protected interests under the Fourth Amendment.

Defendant Privacy Rights

The European Regulation on Data Protection and Brexit


by Anna Viladàs Jené

After many years of negotiations, on 27 April 2016, the European Regulation concerning the protection of individuals in respect of the processing of personal data and the free movement of this data (hereafter, “the Regulation”), has finally seen the light of day.

Brexit Data Protection

Trending Articles

2025 Best Lawyers Awards Announced: Honoring Outstanding Legal Professionals Across the U.S.


by Jennifer Verta

Introducing the 31st edition of The Best Lawyers in America and the fifth edition of Best Lawyers: Ones to Watch in America.

Digital map of the United States illuminated by numerous bright lights.

Unveiling the 2025 Best Lawyers Awards Canada: Celebrating Legal Excellence


by Jennifer Verta

Presenting the 19th edition of The Best Lawyers in Canada and the 4th edition of Best Lawyers: Ones to Watch in Canada.

Digital map of Canadathis on illuminated by numerous bright lights

Discover The Best Lawyers in Spain 2025 Edition


by Jennifer Verta

Highlighting Spain’s leading legal professionals and rising talents.

Flags of Spain, representing Best Lawyers country

Unveiling the 2025 Best Lawyers Editions in Brazil, Mexico, Portugal and South Africa


by Jennifer Verta

Best Lawyers celebrates the finest in law, reaffirming its commitment to the global legal community.

Flags of Brazil, Mexico, Portugal and South Africa, representing Best Lawyers countries

Presenting the 2025 Best Lawyers Editions in Chile, Colombia, Peru and Puerto Rico


by Jennifer Verta

Celebrating top legal professionals in South America and the Caribbean.

Flags of Puerto Rico, Chile, Colombia, and Peru, representing countries featured in the Best Lawyers

Prop 36 California 2024: California’s Path to Stricter Sentencing and Criminal Justice Reform


by Jennifer Verta

Explore how Prop 36 could shape California's sentencing laws and justice reform.

Illustrated Hands Breaking Chains Against a Bright Red Background

Tampa Appeals Court ‘Sends Clear Message,” Ensuring School Tax Referendum Stays on Ballot


by Gregory Sirico

Hillsborough County's tax referendum is back on the 2024 ballot, promising $177 million for schools and empowering residents to decide the future of education.

Graduation cap in air surrounded by pencils and money

Find the Best Lawyers for Your Needs


by Jennifer Verta

Discover how Best Lawyers simplifies the attorney search process.

A focused woman with dark hair wearing a green top and beige blazer, working on a tablet in a dimly

Paramount Hit With NY Class Action Lawsuit Over Mass Layoffs


by Gregory Sirico

Paramount Global faces a class action lawsuit for allegedly violating New York's WARN Act after laying off 300+ employees without proper notice in September.

Animated man in suit being erased with Paramount logo in background

The Human Cost


by Justin Smulison

2 new EU laws aim to reshape global business by enforcing ethical supply chains, focusing on human rights and sustainability

Worker wearing hat stands in field carrying equipment

Introduction to Demand Generation for Law Firms


by Jennifer Verta

Learn the essentials of demand gen for law firms and how these strategies can drive client acquisition, retention, and long-term success.

Illustration of a hand holding a magnet, attracting icons representing individuals towards a central

Social Media for Law Firms: The Essential Beginner’s Guide to Digital Success


by Jennifer Verta

Maximize your law firm’s online impact with social media.

3D pixelated thumbs-up icon in red and orange on a blue and purple background.

ERISA Reaches Its Turning Point


by Bryan Driscoll

ERISA litigation and the laws surrounding are rapidly changing, with companies fundamentally rewriting their business practices.

Beach chair and hat in front of large magnify glass

How Client Testimonials Fuel Client Acquisition for Law Firms


by Nancy Lippincott

Learn how client testimonials boost client acquisition for law firms. Enhance credibility, engage clients and stand out in a competitive legal market.

Woman holding blurb of online reviews

Critical Period


by Maryne Gouhier and Armelle Royer

How the green-energy raw materials chase is rewriting geopolitics

Overhead shot of mineral extraction plant

Best Lawyers Expands With New Artificial Intelligence Practice Area


by Best Lawyers

Best Lawyers introduces Artificial Intelligence Law to recognize attorneys leading the way in AI-related legal issues and innovation.

AI network expanding in front of bookshelf