International Data Privacy Day: an overview of the ANPD’s efforts in 2023
Brazil's Data Protection Authority ramped up efforts to regulate and enforce the Brazilian Data Protection Law last year
Subjects
January 28 is the date when the world celebrates International Data Privacy Day. In Brazil, data privacy is primarily governed by Law No. 13,709/2018 (Brazilian Data Protection Law – LGPD), though many aspects of the law still require further supplementary regulation. The Brazilian Data Protection Authority (ANPD) is the main body responsible for implementing regulations, guiding data agents and data subjects and enforcing the LGPD.
The ANPD effectively commenced operations in 2020, two years after the LGPD was passed into law. Since then, the ANPD has been issuing guidelines and regulations to bolster the enforcement of the law.
2023 witnessed an increase in the enforcement of the LGPD by the ANPD, and fines started to be imposed on infringing companies. The authority opened public consultations on proposed regulations on critical issues, such as data breaches, international data transfers, the legal basis of legitimate interest, appointment of data protection officers (DPOs), and regulatory frameworks for artificial intelligence.
Notable publications from the ANPD include the Regulation for Calculating and Applying Administrative Sanctions, the first interpretative statement on children’s and adolescents’ data, and a list of key topics on the regulatory agenda for 2024 – including artificial intelligence, biometric data, the processing of children’s and adolescents’ data, data breach reporting, and data anonymization.
In commemoration of International Data Privacy Day, Mattos Filho’s Data Protection & Cybersecurity practice has published an infographic outlining some of the milestones achieved by ANPD in 2023.
For further information on this topic, please contact Mattos Filho’s Data Protection & Cybersecurity practice area.