Brazilian General Data Protection Law – Overview and Implications
LGPD (Lei Geral de Proteção de Dados), or the Brazilian General Data Protection Law, was passed in the August of 2018. After CCPA in the US and GDPR in the Europe, LGPD is the latest data protection regulation that is about to be enacted amidst increasing privacy woes around the world in general.
Existing Legal Frameworks for Privacy in Brazil
Brazil is not a stranger to privacy and data protection laws. In fact, the country has over 40 laws that deal with privacy protection at the federal level. However, none of these legal norms are applicable on a national scale but are rather designed for specific industries.
Thus, there is no single all-encompassing regulatory framework to govern data protection practices in Brazil. The LGPD aims to iron out the conflict that arises naturally due to the multiplicity of many laws relating to data protection in the state by replacing these laws with a single enforceable legal framework. The introduction of this law will result in better uniformity across industries by holding all businesses accountable to the same standards.
Key Characteristics and Definitions of LGPD
The law has seven articles (Articles 17-22) that specify the rights of the data holder (i.e. a person to whom the data belongs). In total, the law gives nine rights that pertain to an individual’s privacy and data protection. Here are some key highlights about LGPD:
The Brazilian Online Privacy Landscape
The LGPD is coming into force at a time when concerns about online privacy and the level of awareness of the public are at an all-time high in Brazil. Kaspersky’s survey on data privacy reports that 74% of Brazilian users that were surveyed mentioned trying to take down personal data from social media and other websites for privacy reasons.
In the same survey, 35% of the Brazilian users also revealed that they take extra measures to prevent websites from accessing their data without consent. It is unclear what the measures are, but these statistics clearly point towards a trend of growing privacy awareness among the public, highlighting the need for a much-needed law that may prompt improved data governance policies as relates the processing of sensitive information of the Brazilian public.
Implications
While the LGPD will certainly create a more transparent environment that holds companies accountable for their customer data processing procedures, serious questions about the fairness of the law remain. For instance, the governing body of LGPD, the National Data Protection Authority, is linked to the Brazilian government.
Without an independent body overseeing enforcement of the law, political conflicts of interests are likely to emerge, leading to an unfair application of LGPD. European governments have shown the same ineptitude in enforcing GDPR, which, two years after its enactment, is hardly living up to its promise of protecting user privacy. As such, fears about the efficacy of LGDP are unfortunately well-grounded.
Because the modern laymen is much more informed and aware about online privacy, governments that fail to impose data regulation frameworks equitably risk alienating the public. This is why it is imperative that adequate measures are taken to ensure fair enforcement of the LGPD, lest it should become another piece of legislation of no practical consequence for the general public.
Osama Tahir is a Cybersecurity Analyst at VPNRanks who writes about online privacy, science, and the sociological impact of technology. He staunchly believes in the importance of skeptical inquiry and research, which are all too often neglected in this era of hasty opinion-making.
Gloss