On February 02, 2024, the ANPD launched the Guidance Guide on the Legitimate Hypotheses of Data Processing – Legitimate Interest, to clarify the main points for applying the legal hypotheses of the legitimate interest of controllers or third parties.

The Guide provides guidelines for interpreting and implementing the legal hypothesis, addressing the definitions of the relevant concepts, and the parameters for their interpretation.

In addition, the Guide introduced a simplified balancing test model. This model considers the interests of the controller or third parties on the one hand and the fundamental rights and freedoms of the holders on the other. It consists of three distinct phases: i) establishing the purpose; ii) assessing the need; and iii) analyzing the balance and establishing safeguards. If the rights of the data subjects prevail, the controller must not process based on legitimate interest.

The Guide emphasizes that the adoption of the legal basis of legitimate interest should be avoided by governmental bodies when the processing of personal data is carried out compulsorily or to fulfill legal or regulatory obligations or attributions, being admitted, eventually, in specific cases, depending on the particular case.

To access the full Guidelines, click HERE.

❮ Back to the bulletin LGDP Express no. 05/24

On January 31, 2024, the ANPD published the first version of the Personal Data Protection Glossary, presenting the authority’s official position on the main concepts, terms, and expressions used in personal data protection legislation and the authority’s documents.

The Glossary aims to facilitate the understanding of terms and expressions by personal data subjects and processing agents, contribute to the consolidation and standardization of these terms and expressions, and expand the compiled dissemination of terms which, although of general interest, are defined in different instruments.

The document wdiill remain open to comments and contributions, which can be submitted to the ANPD Ombudsman via the Fala.BR platform. It was last updated on 25.05.2024.

To access the Glossary in full, click HERE.

❮ Back to the bulletin LGDP Express no. 05/24

In commemoration of International Data Protection Day, celebrated globally on January 28, the ANPD and the Center for the Study, Response, and Treatment of Security Incidents in Brazil (CERT.br) issued two booklets of the Internet Security Primer addressing Data Protection and Data Leakage.

The “Data Protection” booklet covers how to adopt a preventive stance to reduce the exposure of personal information on the Internet and provides guidance on using security tools.

The Data Leakage booklet offers guidance on how to minimize the impacts caused by unauthorized access to, collection of, and disclosure of personal information on the Internet.

To access the entire content, click HERE.

❮ Back to the bulletin LGDP Express no. 05/24