Welcome to the fifth edition of LGPD Express!

In this newsletter, we have assembled recent news, rules, guides, and regulations related to Law No. 13.709/2018 (Brazil General Data Protection Law or LGPD) and the Brazilian National Data Protection Authority (ANPD) activities.

We hope it is useful as a tool to keep you informed about updates on the data protection landscape in Brazil.

Your opinion is valuable! Please click here to share your feedback on this newsletter. We are committed to continuous improvement based on your suggestions.

Are you interested in receiving our LGPD Express Newsletter regularly? Sign up here.

PDF version of the bulletin:
LGPD EXPRESS 05/24 – PDF

Legislation

ANPD establishes its internal Integrity Program – The ANPD has established its Integrity Program through Resolution CD/ANPD No. 12, of April 9, 2024. This Program is designed to promote conformity of conduct, transparency, prioritization of the public interest and an organizational culture aimed at delivering value to society.

* * *

ANPD launches its Process Governance Methodology – Through Resolution CD/ANPD No. 14/2024, the ANPD has introduced its Process Governance Methodology to support, guide, and standardize internal Process Modelling initiatives.

* * *

ANPD publishes the Security Incident Reporting Regulation (RCIS) – On April 26, 2024, the ANPD published Resolution CD/ANPD No. 15/2024, which approves the “Security Incident Communication Regulation (RCIS)” to strengthen the protection of personal data and the accountability of processing agents in the event of a security incident.

* * *

News

Technological Radar: a new series of publications launched by ANPD about emerging technologies – On January 29, 2024, the ANPD started the project entitled “Technology Radar”. This project comprises a series of periodic technical publications produced by the entity that aim to offer concise approaches to emerging technologies that impact or will impact the national and international data protection landscape.

* * *

ANPD adopts its electronic filing system – On January 16, 2024, the ANPD launched SUPER, its own electronic protocol system for previously enrolled external users. The SUPER replaced the Electronic Information System (SEI).

* * *

European Commission sanctioned for breaching data protection regulation using Microsoft 365 – On March 24, 2024, the European Data Protection Supervisor (EDPS) confirmed that the European Commission has breached data protection provisions of the Regulation (EU) 2018/1725 when using the Microsoft 365.

* * *

ANPD proposes amendments to Bill 2338 on Artificial Intelligence – Following its efforts to improve the regulation of the matter, on May 08, 2024, the ANPD delivered to the Temporary Committee on Artificial Intelligence in Brazil a 25-page document with its contributions to the Substitute of Bill 2338/2023, which regulates the use of Artificial Intelligence in the country.

* * *

DMA and DSA: the new European regulations impact the future of the digital market – In 2022, the European Union (EU) approved a package of regulations consisting of the Digital Market Act (DMA) and the Digital Services Act (DSA). While the DSA addresses consumer protection legislation, the DMA aims to promote fair competition and equity in digital markets.

* * *

A new Bill strengthens ANPD’s autonomy – On 06.03.2024, Senator Angelo Coronel presented Bill No. 615/2024 which aims to ensure the autonomy of the ANPD.

* * *

Facebook and Zoom convicted due to data breaches – On March 12, 2024, the Court of Diffuse and Collective Interests of São Luís do Maranhão released its decision, ordering the companies responsible for the Facebook and Zoom apps to pay compensation of BRL 20 million as collective moral damage, as well as BRL 500 for each user of Apple’s mobile operating system (IOS) who had their data collected without authorization.

* * *

ANPD holds Webinar on High-Risk Data Processing – On May 15, 2024, the ANPD held a webinar to clarify aspects of processing high-risk personal data, per Resolution CD/ANPD No. 2/2022. The event covered themes such as large-scale data and emerging technologies, including artificial intelligence and facial recognition.

* * *

Guidelines

ANPD and CERT.br collaborate on an Online Security Primer on Data Protection and Data Leakage – In commemoration of International Data Protection Day, celebrated globally on January 28, the ANPD and the Center for the Study, Response, and Treatment of Security Incidents in Brazil (CERT.br) issued two booklets of the Internet Security Primer addressing Data Protection and Data Leakage.

* * *

ANPD publishes Glossary of Personal Data Protection – On January 31, 2024, the ANPD published the first version of the Personal Data Protection Glossary, presenting the authority’s official position on the main concepts, terms, and expressions used in personal data protection legislation and the authority’s documents.

* * *

Orientation Guideline on Legitimate Interest – On February 02, 2024, the ANPD launched the Guidance Guide on the Legitimate Hypotheses of Data Processing – Legitimate Interest, to clarify the main points for applying the legal hypotheses of the legitimate interest of controllers or third parties.

* * *

The teams of Fraga, Bekierman & Cristiano Advogados are available to assist with the processes of adaptation and compliance with LGPD.

Do not leave LGPD compliance to the last minute!

See you in the next edition!


The material contained on this website is provided for general information purposes only. Nothing on this website or its content is intended to provide any legal advice.