Brazil’s Senate has voted to push back the go-live date and enforcement date of its new data protection law in light of the COVID-19 pandemic.
Brazil’s data protection law has been long awaited – the idea for it was birthed out of a debate on how personal data should be protected 10 years ago, in 2010 – and while it was set to go into effect this August, it appears the country will have to wait a little longer to see it actually come to fruition.
In a bill of law last week, the go-live date for the law, the Lei Geral de Proteção de Dados Pessoais, or LGPD, was pushed back to January 2021, with rules and fines around the law set to go into enforcement in August 2021. Like the slew of conferences, events, and many other things, the postponement is yet another delay triggered by the spread COVID-19.
The postponement was packaged in a Bill of Law, PL 1179/2020, approved by the Brazilian Senate on Friday.
While the bill still needs to be approved by Brazil’s House of Representatives, it’s believed it will have no issue passing given the immediacy of the rest of the bill, which revolves around coronavirus emergency measures.
In the Senate’s eyes, amid a global health crisis and the uncertain economic outcome its introduced, many companies in Brazil were busy enough navigating COVID-19’s bumpy waters. Enforcing LGPD and assuming these businesses have their compliance plans properly outlined to contend with it during a pandemic could be a tough ask.
What compounded the decision apparently was the absence of a Brazilian data protection authority. While the authority, the National Data Protection Authority, or Autoridade Nacional de Proteção de Dados in Portuguese was approved by Congress last summer, it hasn’t been created nor has its governing body been chosen.
The delay in the law’s go-live date was widely expected. One politician there, Congressman Carlos Bezerra, urged the country to push back the LGPD’s go-live date even further, to August 15, 2022.
The delay likely won’t sit well with the bulk of Brazilians. A survey that came out late last year suggested that 96 percent of citizens there believe companies don’t do enough to protect their personal information. The survey, carried out by a Harris Poll of 11,000 consumers, found that half of Brazilian consumers believe companies always or frequently share their personal information with organizations they are unaware of. 81 percent acknowledged having lost control of their data’s use by companies.
The news comes as California seemingly continues to grapple with whether or not the state will postpone enforcement around the its forthcoming data privacy law, the California Consumer Protection Act. 34 organizations urged the state’s Attorney General to delay enforcing CCPA last month in light of the COVID-19 pandemic.
Some groups, like the Association of National Advertisers, have continued to push for a delay, especially following a recent executive order by Governor Gavin Newsom extending the period for public review of the proposed new enforcement regime by 60 days, an action that could delay the implementation of enforcement rules.
LGPD is largely based on Europe’s GDPR.