
In a surprising turn of events, the LGPD–Brazil’s new privacy law–went from an expected delayed implementation to being fully active. The twists and turns of the LGPD’s jolt to life make one’s head spin. It was originally scheduled to become active on August 16 of this year, but then delayed until May 2021 due to Covid. But then the plan shifted with a proposal to shorten the delay to December 31 of this year. But the legislature then abruptly changed course and through a maneuver, dropped all delays, reverting back to the law’s original active date of August 16th. So, to adapt something J.R.R. Tolkien might have said, we’ve journeyed to there . . . and there . . . and there, and back again . . .
Now, the switch has been flipped, and the LGPD has risen from the table. Instead of tracing the bizarre procedural maneuverings that got us to where we are, I want to provide some information about the LGPD that can help folks who are suddenly starting to contend with this new law.
• The LGPD stands for the name of the law in Portuguese – the Lei Geral de Proteção de Dados Pessoais.
• Regulatory sanctions for LGPD violations will not start until August 1, 2021.
• There is still no regulation to help implement the LGPD.
• Like the GDPR, the LGPD is extraterritorial in its scope. This means that it applies to organizations outside of Brazil offering goods or services to people in Brazil that process the personal data of people in Brazil.
Continue Reading