The Brazilian government has postponed the country's general data protection regulations to May 2021. The GDPR-equivalent framework would be introduced in August 2020.
This is the second time the go-live date for the regulations gets moved, as the rules were originally planned to be introduced earlier this year. The amendment, which is mainly related to the emergency aid currently being provided to Brazilian citizens in the pandemic was announced yesterday (29), following several bills and lobbying around the postponement of the data protection regulations.
One such bill, which was recently approved by the Senate alongside the introduction of debates around loosening some regulations around privacy in the context of the pandemic, is currently with the Congress. The proposal suggested moving the go-live date to January 1, 2021. It also proposed that the fines and penalties for organizations failing to comply with the law would become effective on 15 August 2021.
In a technical note to the Congress, Brazil's Federal Prosecutor's Office argued that only the application of sanctions should be postponed to 2021. The prosecutors argue that the regulations can be helpful in the development of actions and collaboration with foreign actors during the pandemic.
The latest decision postpones only the enforcement date of the regulations, and does not mention the date when the sanctions would become effective, or the timescales around setting up the National Data Protection Authority (ANPD), a new body that would be responsible for areas including the enforcement of the regulations as well as the application of fines. According to specialists, the ANPD is considered essential to navigate the coronavirus pandemic.
The names leading the ANPD still need to appointed by president Jair Bolsonaro. The president and his family are at the center of an ongoing investigation around the dissemination of false information online.