250ok

Deliverability 101: Brazil’s new privacy legislation is similar to the GDPR.

minute read

Post Image

In August 2018, the Brazilian parliament passed Law No. 13,709, a new privacy law known as the Brazilian General Data Protection Law (GDPL), updating and amending the existing “Brazilian Internet Law” of 2014.

This is another example of major global economies updating outdated privacy legislation to provide more consumer-favored legislation, similar to the GDPR. There are several striking similarities between the Brazilian GDPL, GDPR, and the OECD Privacy Framework, so please bear with us as we drop some legalese on you.

Brazil’s new privacy regulation covers many of the same items we’ve seen in other major privacy laws in recent years, including items classifying data into categories such as personal data, sensitive data, and anonymized data. These are further defined within the legislation as follows:

  • Personal data: Information regarding an identified or identifiable natural person;
  • Sensitive personal data: Personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data, when related to a natural person;
  • Anonymized data: Data related to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of the processing

Article 6 of the GDPL covers a wide range of items aligning with the OECD Privacy Framework, specifically those calling for accountability, accuracy, limitations, purpose and notice of data being collected as well as open access, ability to update and correct information collected on the data subject. The law also notes acceptable security measures need to be implemented and requires assurances that data will not be used in a nondiscriminatory or unlawful manner.

There are several other similarities between the GDPR and the GDPL when it comes to processing sensitive data, data related to minors, data subject rights, and when data should be deleted. There are also similarities regarding data portability, access and correction of data, and the international transfer of consumer data controllers will need to incorporate into their agreements and contracts with data processors.

While there are several similarities to the GDPR and the GDPL, the penalties and enforcement structures are substantially different, as the regional Information Commissioner’s Offices (ICOs) in the EU and the addition of ePrivacy add another level of complexity to the equation. However, in our opinion, if you already managed your internal processes for GDPR, you will need to only make minor changes to be in compliance with the GDPL when it is enforced in February 2020. We advise you to speak with appropriate legal council to see how this new law may impact your business and practices.

*The information contained in this presentation is provided for general informational purposes only and should not be construed as legal advice from 250ok Inc. or the individual author.*

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time