Brazil’s Senate has voted to push back the go-live date and also the enforcement date of its new data protection law in light of the COVID-19 pandemic.
Brazil’s data protection law is long overdue – the idea for it emerged out of a debate on how personal data should be protected some 10 years ago, in 2010 – and while it was supposed to be in effect this August, now it seems the country will have to wait even longer until it goes live.
In a bill of law last week, the go-live date for the law, the Lei Geral de Proteção de Dados Pessoais, or LGPD, was changed to Jan. 2021, with rules & fines connected to the law will go into enforcement in Aug. 2021. Similar to the huge number of conferences, events, and indeed many other things, this postponement is yet another delay linked to COVID-19.
The postponement was outlined in a Bill of Law, PL 1179/2020, & then approved by the Brazilian Senate last Friday.
While the bill still needs to be approved by Brazil’s House of Representatives, it’s believed it will have no issue passing given the immediacy of the rest of the bill, which revolves around coronavirus emergency measures.
In the Senate’s view, amongst a global health crisis and the uncertain related economic outcome, many companies in Brazil were busy crisis managing COVID-19 related problems. Enforcing LGPD, and assuming these businesses have their compliance plans properly outlined, then to contend with it additionally during a pandemic would be seen as a gross imposition under these circumstances.
Brazilian data protection authority?
What made the decision worse is the complete absence of a Brazilian data protection authority. While the authority, the National Data Protection Authority, or Autoridade Nacional de Proteção de Dados in Portuguese was approved by Congress last summer, it hasn’t actually been created nor has its governing body yet been chosen.
This delay in the law’s go-live date was expected. One politician, Congressman Carlos Bezerra, wanted the country to push back the LGPD’s go-live date even further, to Aug.15, 2022.
The delay likely won’t be liked by the bulk of Brazilians. A survey in 2019 suggested that 96 percent of citizens there believe companies don’t do enough to protect their personal information. This survey, carried out by a Harris Poll of 11,000 consumers, discovered that half of Brazilian consumers think companies always or frequently share their personal information with organizations they are unaware of. 81% admitted having lost control of their data’s use by companies.
Also, further north, California continues to debate whether or not the State will postpone its enforcement around the its forthcoming data privacy law, The California Consumer Protection Act. 34 organizations urged the state’s Attorney General to delay enforcing CCPA last month in the light of the pandemic.
The Association of National Advertisers, have continued to push for a delay, especially following a recent executive order by California Governor Gavin Newsom lengthening the period for public review of the proposed new enforcement regime by a further 60 days, an action that could delay the implementation of enforcement rules.