ICANNWiki

General Personal Data Protection Law: Difference between revisions

← Older edit
MarkWD (talk | contribs)
Bureaucrats, Check users, Interface administrators, Administrators (Semantic MediaWiki), Curators (Semantic MediaWiki), Editors (Semantic MediaWiki), steward, Suppressors, Administrators, Temporary account IP viewers
25,069 edits
VisualWikitext
normalization
normalization
 
Line 11: Line 11:
}}
}}


The '''Brazilian General Data Protection Law''' (Portuguese: ''Lei Geral de Proteção de Dados Pessoais'', or '''LGPD'''), officially ''Law No. 13.709/2018'', is Brazil's comprehensive data protection legislation. It establishes rules for the collection, processing, storage, and sharing of personal data, both online and offline. The LGPD aligns Brazil with international data protection standards, such as the European Union's General Data Protection Regulation (GDPR), and represents a major milestone in the country’s digital governance framework.
The '''Brazilian General Data Protection Law''' (Portuguese: ''Lei Geral de Proteção de Dados Pessoais'', or '''LGPD'''), officially ''Law No. 13.709/2018'', is Brazil's comprehensive data protection legislation. It establishes rules for the collection, processing, storage, and sharing of personal data, both online and offline. The LGPD aligns Brazil with international data protection standards, such as the European Union's General Data Protection Regulation (GDPR), and represents a major milestone in the country’s digital governance framework.<ref>https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm</ref>
<ref>https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/</ref>


== Background and Legislative Context ==
== Background and Legislative Context ==
Line 20: Line 21:
== Scope and Applicability ==
== Scope and Applicability ==
The LGPD applies to '''any individual or legal entity''', public or private, that processes personal data within Brazil or targets individuals located in Brazil, regardless of where the data processor is based. It covers both '''digital and non-digital data processing activities'''.
The LGPD applies to '''any individual or legal entity''', public or private, that processes personal data within Brazil or targets individuals located in Brazil, regardless of where the data processor is based. It covers both '''digital and non-digital data processing activities'''.
(Ref: ''Articles 1 and 3'', LGPD)
(Ref: ''Articles 1 and 3'', LGPD)


Line 30: Line 30:
* '''Controller''': The person or entity responsible for decisions regarding the processing of personal data.
* '''Controller''': The person or entity responsible for decisions regarding the processing of personal data.
* '''Processor''': The person or entity that processes personal data on behalf of the controller.
* '''Processor''': The person or entity that processes personal data on behalf of the controller.
(Ref: ''Article 5'', LGPD)
(Ref: ''Article 5'', LGPD)


Line 48: Line 47:
== Legal Bases for Processing ==
== Legal Bases for Processing ==
The '''LGPD establishes 11 legal bases''' that authorize the processing of personal data. These are divided according to the nature of the data:
The '''LGPD establishes 11 legal bases''' that authorize the processing of personal data. These are divided according to the nature of the data:
* '''10 legal bases apply to the processing of personal data''' (Article 7)
* '''10 legal bases apply to the processing of personal data''' (Article 7)
* '''8 legal bases apply to the processing of sensitive personal data''' (Article 11)
* '''8 legal bases apply to the processing of sensitive personal data''' (Article 11)
Line 98: Line 96:
# '''Refusal of Consent:''' Be informed about the option of not giving consent and the consequences.
# '''Refusal of Consent:''' Be informed about the option of not giving consent and the consequences.
# '''Withdrawal of Consent:''' Revoke consent at any time.
# '''Withdrawal of Consent:''' Revoke consent at any time.


Additional rights include:
Additional rights include:
Line 107: Line 104:


Controllers must respond to requests '''free of charge''' and within regulatory deadlines. Data must be provided in a clear, accessible format, either digitally or on paper.
Controllers must respond to requests '''free of charge''' and within regulatory deadlines. Data must be provided in a clear, accessible format, either digitally or on paper.
(Ref: ''Articles 18–20'', LGPD)
(Ref: ''Articles 18–20'', LGPD)


Line 117: Line 113:
* Clear communication channels for data subjects
* Clear communication channels for data subjects
* Incident notification procedures (within a reasonable time to the '''ANPD''' and, if necessary, to data subjects)
* Incident notification procedures (within a reasonable time to the '''ANPD''' and, if necessary, to data subjects)
(Ref: ''Articles 37–41'', LGPD)
(Ref: ''Articles 37–41'', LGPD)


Line 129: Line 124:


The ANPD also acts as a bridge between Brazil’s legal framework and international data protection standards, facilitating cooperation with other supervisory authorities.
The ANPD also acts as a bridge between Brazil’s legal framework and international data protection standards, facilitating cooperation with other supervisory authorities.
(Ref: ''Articles 55–59'', LGPD)
(Ref: ''Articles 55–59'', LGPD)


Line 141: Line 135:


The law also allows for civil and criminal liability under other applicable legislation.
The law also allows for civil and criminal liability under other applicable legislation.
(Ref: ''Article 52'', LGPD)
(Ref: ''Article 52'', LGPD)


Line 151: Line 144:
== References ==
== References ==
{{reflist}}
{{reflist}}
<ref>https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm</ref>
<ref>https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/</ref>
Retrieved from "https://staging.icannwiki.org/General_Personal_Data_Protection_Law"