Best Lawyers logo
 
Insight

Recent Developments on Privacy and Data Protection in Brazil

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Multiple people in a crowd with gridlines and white circles overlayed with orange blocks in the cent
RS

Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

August 31, 2017 03:10 PM

Privacy is one of the basic rights guaranteed by the Brazilian Constitution and one of the principles for Internet governance in Brazil. It is also a theme of heated debates because it involves a series of challenging issues in the context of a digital economy, such as technological innovation, respect for human rights, freedom, and democracy.

With the advent of technologies able to massively collect personal data, it’s worrisome that Brazilian organizations, whether public or private, have not yet raised the flag of privacy. An example of this was the cooperation agreement signed in 2013 that was later repealed between the Superior Electoral Court with the Credit Report Entity (SPC Serasa) in order to disclose personal data of about 141 million Brazilian voters. More recently, several court orders determined the WhatsApp blockages as a penalty for not complying with court orders enforcing the disclosure of content messages protected by encryption.

A change of paradigm is urgent and requires robust legislation on personal data protection.

Currently, the Brazilian legal system has several sectorial laws that ensure the inviolability of intimacy and privacy of Brazilian citizens, in accordance with the Brazilian Constitution, the Civil Code, and the Consumer Protection Code.
The Law 12,965/2014 (known as the Internet Bill of Rights or Marco Civil da Internet) was enacted to establish principles and rules for ensuring privacy and data protection on the use of the Internet in Brazil. The decree 8,771/2016, which regulates the law, established guidelines on security standards to be adopted in the retaining, storage, and processing of personal data and private communications, including the use of encryption.

However, Brazilian legislation currently in force is not adequate enough to provide legal certainty on the processing of personal data by public and private entities. The Internet Bill of Rights is a great step toward the implementation of the right to privacy on the Internet, but it does not assure data protection as a whole. Firstly, it is applied only to “Internet connection providers” and “Internet application providers” and does not encompass several important issues, such as the processing of sensitive data, interconnection, and transfer of personal data.

In turn, the Bill of Law 5,276/2016, which is being discussed in the National Congress, aims at solving this lack of legal certainty in the current context, in which personal data is being collected from the massive use of disruptive technologies. According to the Bill of Law, personal data processing activities shall comply with several principles, such as purpose, transparency, security, free access by the data owner, prevention of damages, and non-discrimination.
The consent is one of nine requirements to authorize the processing of personal data. The Bill of Law expressly provides that personal data processing is allowed under free, express, specific, and informed consent. However, certain flexibility is allowed in cases when it is necessary: (i) compliance with legal obligation; (ii) data sharing between governmental entities; (iii) historical, scientific, and statistic research; (iv) execution of contracts, as requested by the data owner; (v) use in judicial or administrative proceeding; (vi) life protection; and (vii) to fulfill legitimate interest of those responsible for processing the data. Such flexibility, however, does not stop the individual from controlling her/his personal data.

The bill also provides special rules on sensitive personal data processing, which can only take place under special consent, or without consent in certain circumstances, such as fulfillment of legal obligation.
International transfer of data is only allowed by the Bill of Law for countries that provide a level of protection for personal data that is equivalent to the level established in Brazilian law. If the personal data is transferred to a country that does not provide a level of protection, special consent is required.

Security measures and good practices are also required by the bill, and individuals and companies shall be subject to the administrative penalties for any breaches of the standards established in the law, which may be applied by an enforcement authority for data protection to be created through the Brazilian government.

In view of this and despite the fact that there is no expectation as to when the Bill of Law will be approved, Brazilian and foreign companies that process personal data must attempt to implement policies on privacy and personal data protection, and ultima ratio be compromised with a transparent corporate governance. This is a sine qua non condition for the sustainable development of disruptive technologies such as the Internet of Things and artificial intelligence.

Related Articles

Privacy Practice

by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data protected inside of a bubble requiring multiple identification processes

What Is the Future of Data Protection?

by Holly K. Towle

Data protection laws struggle with big data complexities while traditional privacy rights may see renewed relevance.

Data with lots of people on the street and numbers and DNA print and green

My Data My Rules: An Overview of Data Protection in Brazil

by Fábio Pereira

Technology pixels on a biometric hand scanner with fingerprints at the top

Connecticut Attorney General Releases Status Update on Data Privacy Act

by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Announcing the 7th Annual Women in the Law Publication

by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Cover title page of Best Lawyers Business Edition of Women in the Law; Spring 2022

New England States With Incoming Legislation

by Gregory Sirico

Best Lawyers takes an in depth look at newly proposed bills, litigation and cases coming out of four New England states.

Two New England attorneys stand on the steps to a grand courthouse

Biometric Privacy: It’s Not Just an Illinois Issue

by Molly K. McGinley and Kenn Brotman

How BIPA Litigation May Impact Companies Outside of Illinois

Blue fingerprint that's reflective with black background

A Sea Change on Land

by Suneel Gupta and Linda A. Klein

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Yellow car with technology lines blurring the car

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Graphic of court building with Portuguese symbol at the top and a blue dollar icon

How Do I Protect My Child From Online Predators?

by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

Children's online privacy act protecting against TikTok predators

U.S. Steps up Efforts to Review Social Media Use by Immigrants and Visitors

by Bradley L. Ortman

Last month, the DHS implemented a new rule to systematize its efforts to monitor social media use of intending immigrants and travelers to the United States.

Blurred man walks past circle of American flag and magnifying glass

Supreme Court Decision Will Play Important Role in Shaping Defendant Privacy Rights

by Gus Kostopoulos

The primary question will likely come down to whether or not cell phone data and location records are protected interests under the Fourth Amendment.

Cell Phone image with person with multiple locations and city background with multiple circles and c

The European Regulation on Data Protection and Brexit

by Anna Viladàs Jené

After many years of negotiations, on 27 April 2016, the European Regulation concerning the protection of individuals in respect of the processing of personal data and the free movement of this data (hereafter, “the Regulation”), has finally seen the light of day.

United Kingdom flags waving outdoors, symbolizing the UK’s regulatory changes following Brexit

Trending Articles

2026 Best Lawyers Awards: Recognizing Legal Talent Across the United States

by Jamilla Tabbara

The 2026 editions highlight the top 5% of U.S. attorneys, showcase emerging practice areas and reveal trends shaping the nation’s legal profession.

Map of the United States represented in The Best Lawyers in America 2026 awards

Gun Rights for Convicted Felons? The DOJ Says It's Time.

by Bryan Driscoll

It's more than an administrative reopening of a long-dormant issue; it's a test of how the law reconciles the right to bear arms with protecting the public.

Firearms application behind jail bars

2026 Best Lawyers Awards in Canada: Marking 20 Years of Excellence

by Jamilla Tabbara

Honoring Canada’s most respected lawyers and spotlighting the next generation shaping the future of law.

Shining Canadian map marking the 2026 Best Lawyers awards coverage

Revealing the 2026 Best Lawyers Awards in Germany, France, Switzerland and Austria

by Jamilla Tabbara

These honors underscore the reach of the Best Lawyers network and its focus on top legal talent.

map of Germany, France, Switzerland and Austria

Best Lawyers 2026: Discover the Honorees in Brazil, Mexico, Portugal, South Africa and Spain

by Jamilla Tabbara

A growing international network of recognized legal professionals.

Map highlighting the 2026 Best Lawyers honorees across Brazil, Mexico, Portugal, South Africa and Sp

How to Sue for Defamation: Costs, Process and What to Expect

by Bryan Driscoll

Learn the legal standards, costs and steps involved when you sue for defamation, including the difference between libel and slander.

Group of people holding papers with speech bubbles above them

Build Your Legal Practice with Effective Online Networking

by Jamilla Tabbara

How thoughtful online networking supports sustained legal practice growth.

Abstract web of connected figures symbolizing online networking among legal professionals

Algorithmic Exclusion

by Bryan Driscoll

The Workday lawsuit and the future of AI in hiring.

Workday Lawsuit and the Future of AI in Hiring headline

Blogging for Law Firms: Turning Content into Client Connections

by Jamilla Tabbara

How law firms use blogs to earn trust and win clients.

Lawyer typing blog content on laptop in office

Reddit’s Lawsuit Could Change How Much AI Knows About You

by Justin Smulison

Big AI is battling for its future—your data’s at stake.

Reddit Anthropic Lawsuit headline

How to Choose a Good Lawyer: Tips, Traits and Questions to Ask

by Laurie Villanueva

A Practical Guide for Your First-Time Hiring a Lawyer

Three professional lawyers walking together and discussing work

The 2026 Best Lawyers Awards in Chile, Colombia and Puerto Rico

by Jamilla Tabbara

The region’s most highly regarded lawyers.

Map highlighting Chile, Colombia and Puerto Rico for the 2026 Best Lawyers Awards

Common-Law Marriage in Indiana: Are You Legally Protected?

by Laurie Villanueva

Understanding cohabitation rights and common-law marriage recognition in Indiana.

Married Indiana couple in their home

Why Jack Dorsey and Elon Musk Want to 'Delete All IP Law'

by Bryan Driscoll

This Isn’t Just a Debate Over How to Pay Creators. It’s a Direct Challenge to Legal Infrastructure.

Elon Musk and Jack Dorsey standing together Infront of the X logo

AI Tools for Lawyers: How Smithy AI Solves Key Challenges

by Jamilla Tabbara

Understand the features and benefits within the Best Lawyers Digital Marketing Platform.

Legal professional editing profile content with Smithy AI

Alimony Explained: Who Qualifies, How It Works and What to Expect

by Bryan Driscoll

A practical guide to understanding alimony, from eligibility to enforcement, for anyone navigating divorce

two figures standing on stacks of coins

By using our website, you consent to our use of cookies. We use essential cookies to enhance your browsing experience. You may opt out of non-essential cookies. Read our Cookie Policy to learn more.