

Is it really necessary to disclose data protection officers’ full identity and contact details?
An administrative inspection proceeding has led the Brazilian Data Protection Authority to confirm its position on the need to publicly identify data protection officers
In concluding Administrative Inspection Proceeding No. 00261.006718/2024-14 on April 24, 2025, the Brazilian Data Protection Authority (ANPD) confirmed that data processing agents must fully disclose their data protection officers’ (DPOs) identity and contact details, in accordance with the Brazilian Data Protection Law (Law No. 13,709/2018 – LGPD) and ANPD Resolution No. 18/2024.
The ANPD initiated the inspection proceeding in November 2024 following recurring complaints from data subjects regarding processing agents’ inadequate designation and identification of their DPOs, as well as a lack of appropriate communication channels. Large companies were prioritized in the inspection to maximize its impact and reach, given the volume of personal data these companies process and the scope of their operations.
All companies subject to the inspection indicated they would comply with the ANPD’s instructions to address their respective shortcomings, which led to the end of the proceeding.
For more information on this topic, please contact Mattos Filho’s Data Protection & Cybersecurity practice area.
*With the collaboration of Emmanuele Nascimento Rosenhein.