General Personal Data Protection Law: Difference between revisions

Iagocapistrano (talk | contribs)
m No edit summary
normalization
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The '''Brazilian General Data Protection Law''' (Portuguese: ''Lei Geral de Proteção de Dados Pessoais'', or '''LGPD'''), officially ''Law No. 13.709/2018'', is Brazil's comprehensive data protection legislation. It establishes rules for the collection, processing, storage, and sharing of personal data, both online and offline. The LGPD aligns Brazil with international data protection standards, such as the European Union's General Data Protection Regulation (GDPR), and represents a major milestone in the country’s digital governance framework.
{{Norm
| norm_title = Brazilian General Data Protection Law
| alternative_name = Lei Geral de Proteção de Dados Pessoais (LGPD)
| norm_type =  Law
| issuing_body = Parliament of Brazil
| scope_geo =  National
| country = Brazil
| norm_status = Active
| official_text = https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
| norm_language = Portuguese
}}
 
The '''Brazilian General Data Protection Law''' (Portuguese: ''Lei Geral de Proteção de Dados Pessoais'', or '''LGPD'''), officially ''Law No. 13.709/2018'', is Brazil's comprehensive data protection legislation. It establishes rules for the collection, processing, storage, and sharing of personal data, both online and offline. The LGPD aligns Brazil with international data protection standards, such as the European Union's General Data Protection Regulation (GDPR), and represents a major milestone in the country’s digital governance framework.<ref>https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm</ref>
<ref>https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/</ref>


== Background and Legislative Context ==
== Background and Legislative Context ==
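Review bot: In the added {{Norm}} infobox, "issuing_body = Parliament of Brazil" does not name the actual body; Brazil's federal legislature is the National Congress (Congresso Nacional), so the field should read "National Congress of Brazil". In the same template, "norm_type =  Law" and "scope_geo =  National" carry a stray double space after the equals sign. The two citations appended to the lead paragraph are bare URLs inside <ref> tags, with the second one starting on its own line; giving each a title and publisher (and keeping both on the paragraph's line) would make the rendered reference list readable.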
Line 8: Line 21:
== Scope and Applicability ==
== Scope and Applicability ==
The LGPD applies to '''any individual or legal entity''', public or private, that processes personal data within Brazil or targets individuals located in Brazil, regardless of where the data processor is based. It covers both '''digital and non-digital data processing activities'''.
The LGPD applies to '''any individual or legal entity''', public or private, that processes personal data within Brazil or targets individuals located in Brazil, regardless of where the data processor is based. It covers both '''digital and non-digital data processing activities'''.
(Ref: ''Articles 1 and 3'', LGPD)
(Ref: ''Articles 1 and 3'', LGPD)


Line 18: Line 30:
* '''Controller''': The person or entity responsible for decisions regarding the processing of personal data.
* '''Controller''': The person or entity responsible for decisions regarding the processing of personal data.
* '''Processor''': The person or entity that processes personal data on behalf of the controller.
* '''Processor''': The person or entity that processes personal data on behalf of the controller.
(Ref: ''Article 5'', LGPD)
(Ref: ''Article 5'', LGPD)


Line 32: Line 43:
* '''Security''': Use of technical and administrative measures to protect data.
* '''Security''': Use of technical and administrative measures to protect data.
* '''Accountability and Prevention''': Demonstration of compliance and risk mitigation.
* '''Accountability and Prevention''': Demonstration of compliance and risk mitigation.
(Ref: ''Article 6'', LGPD)
(Ref: ''Article 6'', LGPD)


== Legal Bases for Processing ==
== Legal Bases for Processing ==
The '''LGPD establishes 11 legal bases''' that authorize the processing of personal data. These are divided according to the nature of the data:
The '''LGPD establishes 11 legal bases''' that authorize the processing of personal data. These are divided according to the nature of the data:
* '''10 legal bases apply to the processing of personal data''' (Article 7)
* '''10 legal bases apply to the processing of personal data''' (Article 7)
* '''8 legal bases apply to the processing of sensitive personal data''' (Article 11)
* '''8 legal bases apply to the processing of sensitive personal data''' (Article 11)
Line 53: Line 62:
# '''Legitimate interest''': When processing is necessary for the legitimate interests of the controller or third parties, provided it does not violate fundamental rights and freedoms of the data subject.
# '''Legitimate interest''': When processing is necessary for the legitimate interests of the controller or third parties, provided it does not violate fundamental rights and freedoms of the data subject.
# '''Credit protection''': For credit scoring and financial risk analysis, within the limits of applicable law.
# '''Credit protection''': For credit scoring and financial risk analysis, within the limits of applicable law.
(Ref: ''Article 7, LGPD'')
(Ref: ''Article 7, LGPD'')


Line 74: Line 82:
* '''Legitimate interest'''
* '''Legitimate interest'''
* '''Credit protection'''
* '''Credit protection'''
(Ref: ''Article 11, LGPD'')
(Ref: ''Article 11, LGPD'')


Line 89: Line 96:
# '''Refusal of Consent:''' Be informed about the option of not giving consent and the consequences.
# '''Refusal of Consent:''' Be informed about the option of not giving consent and the consequences.
# '''Withdrawal of Consent:''' Revoke consent at any time.
# '''Withdrawal of Consent:''' Revoke consent at any time.


Additional rights include:
Additional rights include:
Line 98: Line 104:


Controllers must respond to requests '''free of charge''' and within regulatory deadlines. Data must be provided in a clear, accessible format, either digitally or on paper.
Controllers must respond to requests '''free of charge''' and within regulatory deadlines. Data must be provided in a clear, accessible format, either digitally or on paper.
(Ref: ''Articles 18–20'', LGPD)
(Ref: ''Articles 18–20'', LGPD)


Line 108: Line 113:
* Clear communication channels for data subjects
* Clear communication channels for data subjects
* Incident notification procedures (within a reasonable time to the '''ANPD''' and, if necessary, to data subjects)
* Incident notification procedures (within a reasonable time to the '''ANPD''' and, if necessary, to data subjects)
(Ref: ''Articles 37–41'', LGPD)
(Ref: ''Articles 37–41'', LGPD)


Line 120: Line 124:


The ANPD also acts as a bridge between Brazil’s legal framework and international data protection standards, facilitating cooperation with other supervisory authorities.
The ANPD also acts as a bridge between Brazil’s legal framework and international data protection standards, facilitating cooperation with other supervisory authorities.
(Ref: ''Articles 55–59'', LGPD)
(Ref: ''Articles 55–59'', LGPD)


Line 132: Line 135:


The law also allows for civil and criminal liability under other applicable legislation.
The law also allows for civil and criminal liability under other applicable legislation.
(Ref: ''Article 52'', LGPD)
(Ref: ''Article 52'', LGPD)


Line 141: Line 143:


== References ==
== References ==
<ref>https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm</ref>
{{reflist}}
<ref>https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/</ref>