The possibility of extending the effective date of the General Data Protection Law (Law 13.709/2018 - LGPD) to January 1, 2021, approved at the remote deliberative session of the Senate on April 3, intensified debates on the risks that the This decision represents the protection of Brazilians' data, what the State still needs to provide for the law to come into force and how are the companies' efforts to comply with the legislation. The fines and sanctions were extended to August 2021. The decision still depends on a vote in the chamber and presidential sanction. Due to this scenario, ABES promoted the webinar General Data Protection Law (LGPD): Changes and Perspectives, on April 9th.
Thomaz Côrte Real, a specialist in Business, Tax and Data Protection Law and ABES's legal advisor, was the mediator of the event, explained that the proposal for an extension is contained in PL 1179/2020 and that the debates on data protection and privacy are in progress. evidence, including due to monitoring and geolocation initiatives triggered by the Covid-19 outbreak.
The weight of one more postponement
Raissa Moura, from Inloco, an ABES member, stated that the LGPD is a modern law in line with the world. She also pointed out that in Brazil it is still difficult to talk to companies so that they understand that privacy can be a differential, an investment and even a good move towards economic development and innovation. “Brazilian law has the characteristic of placing the data subject at the center of decisions on what can be done with their data. Therefore, the agents that process data will have to have absolute transparency and a look at fundamental and human rights”, he highlighted. Raisa warned that foreign companies and investors do not feel safe in the country for lack of a data protection law. "The LGPD has already been postponed twice and, if the law was already in place, it would be beneficial to the scenario of combating Covid-19, as it brings necessary devices not only from a data protection point of view, but also legal basis for data processing”, he assessed.
Building a culture of privacy
In sequence, Andriei Gutierrez, coordinator of the regulatory committee of ABES and of the Brasil País Digital Movement, highlighted the importance of creating the LGPD to structure and bring legal security to companies in the coming years. He also highlighted that the law brings confidence to the entrepreneur, the consumer and to the State itself. “On the other hand, it is not enough just to have the law, it is necessary to have the institutionalization of the law. Companies need to move forward, look at the good practices that exist in the market and demand that the federal government structure the National Data Protection Authority (ANPD)”, he highlighted. Andriei also stated that everyone – federal government, senate, private sector and business entity – must work towards a culture of privacy, bringing trust, security and driving data-driven economic and social development.
The lack of the National Data Protection Authority
.jpeg)
Fabricio da Mota Alves, lawyer and representative of the Federal Senate appointed to the National Data Protection Council, said that putting the law into effect without the creation of the National Data Protection Authority (ANPD) brings risks because the legislation is subjective and not regulated. He pointed out that the extension of the LGPD's effective date is generally bad and regretted the extension of article 53, which gives the determination for the data authority to consult society on how it will regulate the fines. "The applicability of the infractions is extended to August/2021, but at the same time the sanction will only be worked on in August/2021", he said. For him, the regulation may take three years and this can complicate matters, as there is no way to force the President of the Republic to enact the law, especially now in the pandemic, with so many other focuses. In his assessment, the extension of the law is imminent and the Chamber of Deputies will approve the Senate proposal.
Invest in adapting the company to the LGPD
.jpeg)
José Antonio Batista de Moura Ziebarth, from the Ministry of Economy's bureaucratization, management and digital government secretariat, recalled that the legislation has some major points: legal security; alignment with international practices; and promoting a digital economy that seeks measures to stimulate the most varied business models. On the other hand, he recognizes the difficulty of the private sector in choosing the best way to share data, as without the National Data Protection Authority (ANPD) the strategy for adapting to the LGPD is hampered. “It is important to see that the implementation of the LGPD does not only represent costs for the private sector. These are investments that allow business models and access to markets that would be more bureaucratic without the law”, he considered.
More time for companies to adapt
To finalize the participation of webinar guests, Marcos Semolina, a specialist in governance, risk and privacy at consulting firm EY, highlighted that the rules in Brazil are still not very clear. For him, the law brings benefits by transforming a relevant issue into a more popular topic and causes discomfort in companies due to the risk that they are seen as irresponsible in dealing with the information they keep from customers. Marcos also explained that the law plays an important role and the postponement of the validity of the LGPD could be positive and allow for intensifying the discussion around the subject. “Companies will gain more time to prepare; the effective date of the law determines the start for companies to demonstrate their best behavior in a sustainable manner”, he concluded.
Watch the full webinar: https://www.youtube.com/watch?v=0krH_htlE1k
EN 
PT 
