Best Lawyers logo
 
Insight

Recent Developments on Privacy and Data Protection in Brazil

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Privacy and Data Protection Brazil
RS

Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

August 31, 2017 03:10 PM

Privacy is one of the basic rights guaranteed by the Brazilian Constitution and one of the principles for Internet governance in Brazil. It is also a theme of heated debates because it involves a series of challenging issues in the context of a digital economy, such as technological innovation, respect for human rights, freedom, and democracy.

With the advent of technologies able to massively collect personal data, it’s worrisome that Brazilian organizations, whether public or private, have not yet raised the flag of privacy. An example of this was the cooperation agreement signed in 2013 that was later repealed between the Superior Electoral Court with the Credit Report Entity (SPC Serasa) in order to disclose personal data of about 141 million Brazilian voters. More recently, several court orders determined the WhatsApp blockages as a penalty for not complying with court orders enforcing the disclosure of content messages protected by encryption.

A change of paradigm is urgent and requires robust legislation on personal data protection.

Currently, the Brazilian legal system has several sectorial laws that ensure the inviolability of intimacy and privacy of Brazilian citizens, in accordance with the Brazilian Constitution, the Civil Code, and the Consumer Protection Code.
The Law 12,965/2014 (known as the Internet Bill of Rights or Marco Civil da Internet) was enacted to establish principles and rules for ensuring privacy and data protection on the use of the Internet in Brazil. The decree 8,771/2016, which regulates the law, established guidelines on security standards to be adopted in the retaining, storage, and processing of personal data and private communications, including the use of encryption.

However, Brazilian legislation currently in force is not adequate enough to provide legal certainty on the processing of personal data by public and private entities. The Internet Bill of Rights is a great step toward the implementation of the right to privacy on the Internet, but it does not assure data protection as a whole. Firstly, it is applied only to “Internet connection providers” and “Internet application providers” and does not encompass several important issues, such as the processing of sensitive data, interconnection, and transfer of personal data.

In turn, the Bill of Law 5,276/2016, which is being discussed in the National Congress, aims at solving this lack of legal certainty in the current context, in which personal data is being collected from the massive use of disruptive technologies. According to the Bill of Law, personal data processing activities shall comply with several principles, such as purpose, transparency, security, free access by the data owner, prevention of damages, and non-discrimination.
The consent is one of nine requirements to authorize the processing of personal data. The Bill of Law expressly provides that personal data processing is allowed under free, express, specific, and informed consent. However, certain flexibility is allowed in cases when it is necessary: (i) compliance with legal obligation; (ii) data sharing between governmental entities; (iii) historical, scientific, and statistic research; (iv) execution of contracts, as requested by the data owner; (v) use in judicial or administrative proceeding; (vi) life protection; and (vii) to fulfill legitimate interest of those responsible for processing the data. Such flexibility, however, does not stop the individual from controlling her/his personal data.

The bill also provides special rules on sensitive personal data processing, which can only take place under special consent, or without consent in certain circumstances, such as fulfillment of legal obligation.
International transfer of data is only allowed by the Bill of Law for countries that provide a level of protection for personal data that is equivalent to the level established in Brazilian law. If the personal data is transferred to a country that does not provide a level of protection, special consent is required.

Security measures and good practices are also required by the bill, and individuals and companies shall be subject to the administrative penalties for any breaches of the standards established in the law, which may be applied by an enforcement authority for data protection to be created through the Brazilian government.

In view of this and despite the fact that there is no expectation as to when the Bill of Law will be approved, Brazilian and foreign companies that process personal data must attempt to implement policies on privacy and personal data protection, and ultima ratio be compromised with a transparent corporate governance. This is a sine qua non condition for the sustainable development of disruptive technologies such as the Internet of Things and artificial intelligence.

Related Articles

Privacy Practice

by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws

The Future of Data Privacy: You Can Run but You Can’t Hide (or Can You?)

by Chad W. King

In Ernest Cline’s dystopian novel "Ready Player One," the world’s population is addicted to a virtual reality game called the OASIS.

The Future of Data Privacy

My Data My Rules: An Overview of Data Protection in Brazil

by Fábio Pereira

My Data My Rules

Connecticut Attorney General Releases Status Update on Data Privacy Act

by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Current State of EU to U.S. Data Transfers

by Gregory Sirico

The Biden Administration and European Commission recently came to a principle political agreement concerning the ever-changing future of EU to U.S. data transfers.

New Framework for EU and U.S. Data Transfers

Announcing the 7th Annual Women in the Law Publication

by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Honoring Female Lawyers in the United States

New England States With Incoming Legislation

by Gregory Sirico

Best Lawyers takes an in depth look at newly proposed bills, litigation and cases coming out of four New England states.

New England Laws Taking Effect in 2022

Biometric Privacy: It’s Not Just an Illinois Issue

by Molly K. McGinley and Kenn Brotman

How BIPA Litigation May Impact Companies Outside of Illinois

Blue fingerprint that's reflective with black background

A Sea Change on Land

by Suneel Gupta and Linda A. Klein

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Legal Considerations for Autonomous Vehicles

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

How Do I Protect My Child From Online Predators?

by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

What COPPA Means for Your Child

Supreme Court Decision Will Play Important Role in Shaping Defendant Privacy Rights

by Gus Kostopoulos

The primary question will likely come down to whether or not cell phone data and location records are protected interests under the Fourth Amendment.

Defendant Privacy Rights

The European Regulation on Data Protection and Brexit

by Anna Viladàs Jené

After many years of negotiations, on 27 April 2016, the European Regulation concerning the protection of individuals in respect of the processing of personal data and the free movement of this data (hereafter, “the Regulation”), has finally seen the light of day.

Brexit Data Protection

Trending Articles

Introducing the 2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

by Jennifer Verta

This year’s awards reflect the strength of the Best Lawyers network and its role in elevating legal talent worldwide.

2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

Revealing the 2026 Best Lawyers Awards in Germany, France, Switzerland and Austria

by Jamilla Tabbara

These honors underscore the reach of the Best Lawyers network and its focus on top legal talent.

map of Germany, France, Switzerland and Austria

Effective Communication: A Conversation with Jefferson Fisher

by Jamilla Tabbara

The power of effective communication beyond the law.

Image of Jefferson Fisher and Phillip Greer engaged in a conversation about effective communication

The 2025 Legal Outlook Survey Results Are In

by Jennifer Verta

Discover what Best Lawyers honorees see ahead for the legal industry.

Person standing at a crossroads with multiple intersecting paths and a signpost.

The Best Lawyers Network: Global Recognition with Long-term Value

by Jamilla Tabbara

Learn how Best Lawyers' peer-review process helps recognized lawyers attract more clients and referral opportunities.

Lawyers networking

Jefferson Fisher: The Secrets to Influential Legal Marketing

by Jennifer Verta

How lawyers can apply Jefferson Fisher’s communication and marketing strategies to build trust, attract clients and grow their practice.

Portrait of Jefferson Fisher a legal marketing expert

Is Your Law Firm’s Website Driving Clients Away?

by Jamilla Tabbara

Identify key website issues that may be affecting client engagement and retention.

Phone displaying 'This site cannot be reached' message

A Guide to Workers' Compensation Law for 2025 and Beyond

by Bryan Driscoll

A woman with a laptop screen reflected in her glasses

Best Lawyers Launches CMO Advisory Board

by Jamilla Tabbara

Strategic counsel from legal marketing’s most experienced voices.

Group photo of Best Lawyers CMO Advisory Board members

Common Law Firm Landing Page Problems to Address

by Jamilla Tabbara

Identify key issues on law firm landing pages to improve client engagement and conversion.

Laptop showing law firm landing page analytics

Changes in California Employment Law for 2025

by Laurie Villanueva

What employers need to know to ensure compliance in the coming year and beyond

A pair of hands holding a checklist featuring a generic profile picture and the state of California

New Employment Law Recognizes Extraordinary Stress Is Everyday Reality for NY Lawyers

by Bryan Driscoll

A stressed woman has her head resting on her hands above a laptop

Turn Visitors into Clients with Law Firm Website SEO That Converts

by Jamilla Tabbara

Learn how to create high-converting law firm landing pages that drive client engagement and lead generation.

Laptop screen displaying website tools to improve client conversion rates

Medical Malpractice Reform Trends in Texas, Utah, Georgia and SC

by Bryan Driscoll

A fresh wave of medical malpractice reform is reshaping the law.

Medical Malpractice Reform Trends hed

Best Lawyers Introduces Smithy AI

by Jamilla Tabbara

Transforming legal content creation for attorneys and firms.

Start using Smithy AI, a content tool by Best Lawyers

SEO for Law Firms: Overcoming Common Challenges

by Jamilla Tabbara

Tackle common SEO challenges and take the next step with our guide, How to Make Your Law Firm Easier to Find Online.

Graphic image of a phone displaying SEO rankings, with positions 1, 2 and 3 on the screen

We use cookies to enhance your browsing experience. By continuing to use our website, you accept our cookies. Read our Cookie Policy to learn more.