Welcome to the second edition of LGPD Express!

Aiming to assist in analyzing and monitoring the personal data protection regulation in Brazil, we highlight in this newsletter the main recent news and rules related to the theme.

Want to receive our LGPD Express Newsletter? Sign up by clicking here.

PDF version of the newsletter:
LGPD EXPRESS 01/23 – PDF

 

Legislation

Decree adjusts the rules for data sharing by Federal agencies. – Decree No. 11,266/2022 brought new rules about governance in data sharing within the federal public administration and established the Citizen’s Base Register.

* * *

ANPD publishes regulatory agenda for the biennium 2023/2024 – The National Data Protection Authority (ANPD) approved, on October 8, 2022, its regulatory agenda for the biennium 2023/2024. The schedule foresees 20 actions to be initiated, structured in four phases:

* * *

Bill regulates tax incentives for LGPD-compliant investments – The Senate has begun a public consultation to debate Bill 4/2022, which rules tax incentives to companies that invest in the LGPD adequacy and compliance. One can access the public consultation at the e-Cidadania website.

* * *

ANPD is now an Autarchy – Following international positioning, Law no. 14.460/2022 transformed the ANPD into an Autarchy. In the original wording of the LGPD (article 55-A, paragraphs and 2), the agency was framed only as a federal public administration body.

* * *

Guidelines

ANPD launches guidance guide “cookies and personal data protection” – Aiming to instruct the personal data owners about their guarantees, the ANPD released the guide “Cookies and Personal Data Protection”.

* * *

ANPD launches new Form for the Reporting of Security Incident – Under LGPD, personal data controllers must adopt measures to prevent harm to personal data owners. However, in the event of a security incident, data controllers must notify the ANPD and the personal data owners of the security incident’s occurrence.

* * *

News

Google settles agreement with forty American States over an improper collection of users’ data – Google has agreed to pay USD 391.5 million to forty American States to end investigations into how it collects users’ data.

* * *

Texas sues Google for alleged capturing biometric data without consent – The State of Texas has sued Google, pleading its condemnation for collecting biometric data from millions of Americans without consent.

* * *

Rules on how to calculate LGPD fines – Since the rules for calculating fines for non-compliance with the LGPD were not issued, there is still uncertainty regarding the dosimetry of penalties.

* * *

Rio de Janeiro launches Governance Program on Privacy and Personal Data Protection – The Secretary of Government and Public Integrity (Segovi) of the Rio de Janeiro’s Municipality enacted the Resolution No. 91/2022, that creates the Governance Program in Privacy and Protection of Personal Data (PGPPDP).

* * *

Countries of the European Union will collect biometric data on the entry of foreigners – Next year, European countries will adopt the EES (Entry-Exit System) system to control the entry of foreigners. The provision is at Regulation (EU) 2017/2226.

* * *

ANPD publishes a preliminary study on children and adolescents’ data processing – The ANPD published a preliminary study on the legal hypotheses applicable to processing personal data of children and adolescents, aiming to solve the controversy as to whether consent is sufficient as an appropriate legal basis in processing minors’ data.

* * *

The teams of Fraga, Bekierman & Cristiano Advogados are prepared to provide assistance in the adaptation and compliance processes to the LGPD.

Do not leave LGPD compliance to the last minute!

See you in the next edition!


The material contained on this site is provided for general information purposes only. Nothing on this website or its content is intended to provide any legal advice.