Best Lawyers logo
 
Insight

Recent Developments on Privacy and Data Protection in Brazil

A change of paradigm is urgent and requires a robust legislation on personal data protection.

Multiple people in a crowd with gridlines and white circles overlayed with orange blocks in the cent
RS

Ricardo Barretto Ferreira da Silva and Camila Taliberti Ribeiro da Silva

August 31, 2017 03:10 PM

Privacy is one of the basic rights guaranteed by the Brazilian Constitution and one of the principles for Internet governance in Brazil. It is also a theme of heated debates because it involves a series of challenging issues in the context of a digital economy, such as technological innovation, respect for human rights, freedom, and democracy.

With the advent of technologies able to massively collect personal data, it’s worrisome that Brazilian organizations, whether public or private, have not yet raised the flag of privacy. An example of this was the cooperation agreement signed in 2013 that was later repealed between the Superior Electoral Court with the Credit Report Entity (SPC Serasa) in order to disclose personal data of about 141 million Brazilian voters. More recently, several court orders determined the WhatsApp blockages as a penalty for not complying with court orders enforcing the disclosure of content messages protected by encryption.

A change of paradigm is urgent and requires robust legislation on personal data protection.

Currently, the Brazilian legal system has several sectorial laws that ensure the inviolability of intimacy and privacy of Brazilian citizens, in accordance with the Brazilian Constitution, the Civil Code, and the Consumer Protection Code.
The Law 12,965/2014 (known as the Internet Bill of Rights or Marco Civil da Internet) was enacted to establish principles and rules for ensuring privacy and data protection on the use of the Internet in Brazil. The decree 8,771/2016, which regulates the law, established guidelines on security standards to be adopted in the retaining, storage, and processing of personal data and private communications, including the use of encryption.

However, Brazilian legislation currently in force is not adequate enough to provide legal certainty on the processing of personal data by public and private entities. The Internet Bill of Rights is a great step toward the implementation of the right to privacy on the Internet, but it does not assure data protection as a whole. Firstly, it is applied only to “Internet connection providers” and “Internet application providers” and does not encompass several important issues, such as the processing of sensitive data, interconnection, and transfer of personal data.

In turn, the Bill of Law 5,276/2016, which is being discussed in the National Congress, aims at solving this lack of legal certainty in the current context, in which personal data is being collected from the massive use of disruptive technologies. According to the Bill of Law, personal data processing activities shall comply with several principles, such as purpose, transparency, security, free access by the data owner, prevention of damages, and non-discrimination.
The consent is one of nine requirements to authorize the processing of personal data. The Bill of Law expressly provides that personal data processing is allowed under free, express, specific, and informed consent. However, certain flexibility is allowed in cases when it is necessary: (i) compliance with legal obligation; (ii) data sharing between governmental entities; (iii) historical, scientific, and statistic research; (iv) execution of contracts, as requested by the data owner; (v) use in judicial or administrative proceeding; (vi) life protection; and (vii) to fulfill legitimate interest of those responsible for processing the data. Such flexibility, however, does not stop the individual from controlling her/his personal data.

The bill also provides special rules on sensitive personal data processing, which can only take place under special consent, or without consent in certain circumstances, such as fulfillment of legal obligation.
International transfer of data is only allowed by the Bill of Law for countries that provide a level of protection for personal data that is equivalent to the level established in Brazilian law. If the personal data is transferred to a country that does not provide a level of protection, special consent is required.

Security measures and good practices are also required by the bill, and individuals and companies shall be subject to the administrative penalties for any breaches of the standards established in the law, which may be applied by an enforcement authority for data protection to be created through the Brazilian government.

In view of this and despite the fact that there is no expectation as to when the Bill of Law will be approved, Brazilian and foreign companies that process personal data must attempt to implement policies on privacy and personal data protection, and ultima ratio be compromised with a transparent corporate governance. This is a sine qua non condition for the sustainable development of disruptive technologies such as the Internet of Things and artificial intelligence.

Related Articles

Privacy Practice

by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data protected inside of a bubble requiring multiple identification processes

Biometric Privacy: It’s Not Just an Illinois Issue

by Molly K. McGinley and Kenn Brotman

How BIPA Litigation May Impact Companies Outside of Illinois

Blue fingerprint that's reflective with black background

My Data My Rules: An Overview of Data Protection in Brazil

by Fábio Pereira

Technology pixels on a biometric hand scanner with fingerprints at the top

Canadian Firms Explore AI, But Few Fully Embrace the Shift

by David L. Brown

BLF survey reveals caution despite momentum.

Canadian Firms Explore AI, But Few Fully Embrace the Shift headline

Connecticut Attorney General Releases Status Update on Data Privacy Act

by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

Biometric Points of Contention

by Gregory Sirico

The collection of individuals' biometric data via smartphones, facial recognition software and more—presents a challenge to consumers, lawyers and legislators.

Animated man with blue eyes and digital pixelations across his face

Announcing the 7th Annual Women in the Law Publication

by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Cover title page of Best Lawyers Business Edition of Women in the Law; Spring 2022

New England States With Incoming Legislation

by Gregory Sirico

Best Lawyers takes an in depth look at newly proposed bills, litigation and cases coming out of four New England states.

Two New England attorneys stand on the steps to a grand courthouse

How Does Your Firm Measure Up?

by Best Lawyers

Best Lawyers Intelligence provides your firm with valuable industry data.

Best Lawyers 27th Edition Stats

A Sea Change on Land

by Suneel Gupta and Linda A. Klein

Autonomous vehicles will revolutionize almost every area of the law. Here’s a look at what’s rapidly approaching.

Yellow car with technology lines blurring the car

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Graphic of court building with Portuguese symbol at the top and a blue dollar icon

How Do I Protect My Child From Online Predators?

by Kelly L. Frey Sr.

New technologies open up new ways for children to be exploited online. The Children’s Online Privacy Protection Act offers a solution.

Children's online privacy act protecting against TikTok predators

An Interview With Jean-Paul Jassy of Jassy Vick Carolan

by Best Lawyers

The 2019 "Lawyer of the Year" winner for First Amendment Law in Los Angeles speaks about his career highlights.

Jean-Paul Jassy, 2019 "Lawyer of the Year" winner for First Amendment Law

An Interview With Bastian Finkel of BLD Bach Langheid Dallmayr, Germany's 2019 "Law Firm of the Year" Winner in Insurance Law

by Best Lawyers

A look at the new European policies changing the insurance landscape in Germany.

Bastian Finkel 2019 "Law Firm of the Year" Interview

Into the Breach

by John Ettorre

Data breaches have become inevitable. Here’s what you can do to respond.

Blue data text breached by an overlayed red target on a black background

Trending Articles

The Family Law Loophole That Lets Sex Offenders Parent Kids

by Bryan Driscoll

Is the state's surrogacy framework putting children at risk?

family law surrogacy adoption headline

Algorithmic Exclusion

by Bryan Driscoll

The Workday lawsuit and the future of AI in hiring.

Workday Lawsuit and the Future of AI in Hiring headline

Best Lawyers 2026: Discover the Honorees in Brazil, Mexico, Portugal, South Africa and Spain

by Jamilla Tabbara

A growing international network of recognized legal professionals.

Map highlighting the 2026 Best Lawyers honorees across Brazil, Mexico, Portugal, South Africa and Sp

Unenforceable HOA Rules: What Homeowners Can Do About Illegal HOA Actions

by Bryan Driscoll

Not every HOA rule is legal. Learn how to recognize and fight unenforceable HOA rules that overstep the law.

Wooden model houses connected together representing homeowners associations

Holiday Pay Explained: Federal Rules and Employer Policies

by Bryan Driscoll

Understand how paid holidays work, when employers must follow their policies and when legal guidance may be necessary.

Stack of money wrapped in a festive bow, symbolizing holiday pay

Reddit’s Lawsuit Could Change How Much AI Knows About You

by Justin Smulison

Big AI is battling for its future—your data’s at stake.

Reddit Anthropic Lawsuit headline

Florida Rewrites the Rules on Housing

by Laurie Villanueva

Whether locals like it or not.

Florida Rewrites the Rules on Housing headline

US Tariff Uncertainty Throws Canada Into Legal Purgatory

by Bryan Driscoll

The message is clear: There is no returning to pre-2025 normalcy.

US Tariff Uncertainty Throws Canada Into Legal Purgatory headline

Alimony Explained: Who Qualifies, How It Works and What to Expect

by Bryan Driscoll

A practical guide to understanding alimony, from eligibility to enforcement, for anyone navigating divorce

two figures standing on stacks of coins

UnitedHealth's Twin Legal Storms

by Bryan Driscoll

ERISA failures and shareholder fallout in the wake of a CEO’s death.

United healthcare legal storm ceo murder headline

Can a Green Card Be Revoked?

by Bryan Driscoll

Revocation requires a legal basis, notice and the chance to respond before status can be taken away.

Close-up of a U.S. Permanent Resident Card showing the text 'PERMANENT RESIDENT'

The 2026 Best Lawyers Awards in Chile, Colombia and Puerto Rico

by Jamilla Tabbara

The region’s most highly regarded lawyers.

Map highlighting Chile, Colombia and Puerto Rico for the 2026 Best Lawyers Awards

New Texas Family Laws Transform Navigating Divorce, Custody

by Bryan Driscoll

Reforms are sweeping, philosophically distinct and designed to change the way families operate.

definition of family headline

Why Skechers' $9.4B Private Equity Buyout Sparked Investor Revolt

by Laurie Villanueva

Shareholder anger, a lack of transparency and a 'surprising' valuation.

Skechers shareholder lawsuit headline

What Is the Difference Between a Will and a Living Trust?

by Bryan Driscoll

A practical guide to wills, living trusts and how to choose the right plan for your estate.

Organized folders labeled “Wills” and “Trusts” representing estate planning documents

How Far Back Can the IRS Audit You?

by Bryan Driscoll

Clear answers on IRS statutes of limitations, recordkeeping and what to do if you are under review.

Gloved hand holding a spread of one-hundred-dollar bills near an IRS tax document

By using our website, you consent to our use of cookies. We use essential cookies to enhance your browsing experience. You may opt out of non-essential cookies. Read our Cookie Policy to learn more.