Brazil's National Authority for Personal Data Protection (ANPD, in the Portuguese acronym) will be created and the go-live date for the new information law extended through a stopgap measure signed by former president Michel Temer.
The provisional measure that creates the ANPD was released on December 28 as one of the last decisions made by Temer before Jair Bolsonaro took over as the country's new president yesterday (1).
The creation of the agency had been initially vetoed by Temer at the time he signed the country's General Data Protection Regulations last August. The autonomy model of the body was one of the main reasons behind the veto - however, the body is considered crucial for the implementation of the new rules so the government was forced to address the issue.
Attributions of the ANPD as stated in the measure released last week include the creation of frameworks on how to handle information and guide organizations on how to adhere to the rules. It will also be responsible for monitoring and applying fines to non-compliant organizations.
However, since the early discussions of the Bill that originated Brazil's GDPR, the government implied that it would prefer to create a data authority that would not be as heavy-handed towards government agencies as it would have to be with private sector organizations.
Other items vetoed by Temer at the time the data bill was signed included the protection of information of citizens requesting access to government information. The original idea was that such citizen information would not be shared between government agencies or private sector organizations.
If the latest measure goes ahead with its original content, the result would be the creation of a weaker data protection body, linked to the federal government with limited autonomy for decision-making, especially when it comes to protecting citizens against data-related incidents involving public sector bodies.
The new agency would be composed of a board of directors of five members, to be chosen by the president, as well as an advisory board of 23 members including public, private a third sector representatives.
As well as the inception of the new data protection agency, Temer also tried to buy some extra time for local organizations to comply with the new regulations. Brazil's data protection law was due to go live in February 2020 - with the stopgap measure, the deadline would be postponed until August next year.
The measure is due to be voted by the Brazilian Congress over the next 60 days.