The Brazilian Senate voted against the delay of the introduction of the country's data protection regulations, which relate to how personal information is treated online and offline.
According to the amendment passed yesterday (26), the regulations are effective immediately. According to Senate president Davi Alcolumbre, administrative sanctions provided for in the law will not be applied until at least August 2021.
Brazil's data protection regulations were approved in 2018 and the original go-live date was August 14, 2020. In April 2020, however, the introduction of the rules had been postponed to May 2021 after the government concluded that some organizations would not be able to adapt in time, due to the Covid-19 outbreak. This was later overturned by the Senate.
A bill voted by the Lower House of the Congress that proposed a delay of the introduction of the rules to December 31, 2020, introducing further confusion to a schedule that has seen several changes over recent years. The Senate then passed the bill without the item that proposed the delay until the end of this year.
The latest amendment must now be sanctioned by president Jair Bolsonaro. Initially, the Senate informed that the regulations were already valid, then informed that the rules would be implemented after the presidential sanction, which could take up to two weeks.
However, the National Data Protection Authority, which will be tasked with enforcing the rules and is set to include members from industry, academia and national Internet governance bodies, still hasn't been formed.
Specialists see immediate go-live of LGPD as an opportunity to finally appoint the members of the authority - the constant delays in the introduction of the regulations were seen as a justification for failure to do so.
Conversely, supporters of the postponement of the regulations point to the legal uncertainty related to introducing regulations without an authority to enforce them.