President Michel Temer enacted this Tuesday, August 14th, 2018, the Brazilian General Data Protection Law, which regulates the treatment of personal data in public and private sectors. The proposal passed on the Senate was accepted as House of Representatives Bill of Law No. 53/2018 after Bill of Law No. 4,060/2012, from which it came from, has passed on the House of Representatives on May 29, 2018.
The text creates a national law inspired in the international guidelines, especially in those provided by the European Union’s General Data Protection Regulation (GDPR), which is in force since May 25, 2018. In this sense, the treatment of personal data will depend on the subject’s consent, without excluding other possibilities such as the legitimate interest of the data controller. In addition, some conditions are established to the treatment of sensitive data, requirements for international transfer of data, as well as conditions for the treatment of data from underage subjects (which will rely on parents’ consent), among other relevant provisions.
The original wording of the Bill of Law prescribed the creation of a National Data Protection Authority, which would be tied to the Ministry of Justice to exercise certain prerogatives, such as monitoring personal data protection and even imposing sanctions. However, such provision was rejected by the president for being considered unconstitutional.
The new law will be in force after 18 months of its publication, in order to provide to the public and private institutions an adaptation period to the new legal provisions.