Facebook asks permission to use personal data in Brazil

Facebook has started to ask permission to use certain types of personal user data in Brazil as part of measures towards compliance with upcoming data protection regulations.

Without specifying which types of information will require user consent, the company said the requests have been introduced today (20). According to Facebook's head of public policy for Latin America, Paula Vargas, the company will also add a privacy notice to its data policies on Facebook and Instagram, with more information about the General Data Protection Regulation (LGPD, in the Portuguese acronym), as well as their legal rights.

"We believe that everyone has a fundamental right to privacy and therefore we would like to take the opportunity that LGPD presents to explain how we are improving our products and tools to meet LGPD's data protection requirements and how this will impact people", Vargas said in a blog post.

Facebook has also updated its terms for business tools and ad targeting, the executive noted, adding that the firm supports "this global drive to protect the privacy of people online and give businesses like ours more clarity about what the rules should be."

Citing the new global data processing terms Facebook announced in July, Vargas said the social networking firm will not require any further action from companies that advertise in the platform when the new regulations come into effect in Brazil.

After a series of delays, Brazil's data protection regulations will be enforced on August 14, with sanctions enforced from August 2021. A bill had proposed postponing the introduction of the LGPD until May 2021, but that still needs to be approved by the Congress - if the bill is not voted within the coming weeks, the regulations will go live on the planned date.

According to industry experts, the constant postponements of the introduction of data protection regulations are not the main issue. The real problem when it comes to data protection regulations in Brazil is the absence of the National Data Protection Authority, which would be responsible for enforcing the rules. The members of the authority still have to be appointed.

The enforcement of sanctions for non-compliance a year after the regulations are introduced is another issue, as adjustments required around data protection regulations will be made after the rules go live. In this scenario, businesses will be lacking clarity as to what needs to be done, and, on the other hand, would not be held responsible for any potential infractions.