News and Business
Bill strengthening protections for public officials’ data in Brazil now subject to presidential assent
Bill No. 4,015/2023 is set to double penalties for data violations affecting members of Brazil's judiciary, Public Prosecutor's and Defender's Offices, and court officers
Subjects
Brazil’s President has until May 9, 2025 (as per the designated timeline) to assent to Bill No. 4,015/2023. If signed into law, the bill will amend the country’s General Data Protection Law (LGPD) to include provisions that further protect the data of members of the judiciary, Public Prosecutor’s Offices, Public Defender’s Offices, and court officers. The bill was formally approved in Congress on April 8, 2025.
Bill No. 4,015/2023 amends the LGPD to strengthen protections for the data of public officials who are potentially exposed to risks stemming from carrying out their professional functions. The following planned changes particularly stand out:
- Stronger administrative penalties: the one-time or daily fines provided for in Article 52, items II and III of the LGPD may be applied twice in the event an LGPD-related violation involves the personal data of public officials (limited up to BRL 100 million); and
- New criteria regarding risks to public official data subjects: the bill includes Article 14-A in the LGPD to establish that the risks inherent to the duties of public officials must always be considered. In the event of a data breach that poses a risk to the integrity of these subjects’ data, the Brazilian Data Protection Agency (ANPD) must be notified, and it may adopt precautionary measures.
The changes Bill No. 4,015/2023 introduces directly impact data processing agents who handle the data of public officials in connection with the justice system. Such processing agents should therefore conduct a detailed analysis of their security measures, internal controls, and the incident response protocols they have already implemented, as well as review their data protection governance documents.
For more information on this topic, please contact Mattos Filho’s Data Protection & Cybersecurity practice area.
