Home News Brazil Announces National Data Protection Council

Brazil Announces National Data Protection Council

Brazil Announces National Data Protection Council

The Brazilian government has announced the members of the National Council for the Protection of Personal Data and Privacy (CNPD) as part of the process of implementation of the country’s data protection rules.

Announced on Monday (9) through a presidential decree, the advisory board is part of the implementation of Brazil’s General Data Protection Law (LGPD). The council is tasked with the formulation of guidelines for the application of the data protection rules, including the provision of subsidies for the creation of the national data protection and privacy policy.

In addition to various government officials, the council includes representatives of civil society organizations, academia, trade unions, and various public sector bodies.

The 23 board members and deputies of the CNPD will be serving the council under a two-year term. Board members to the CNPD are considered to be a relevant, unpaid provision of public service.

The constitution of the CNPD board took place through the publication of notices by the National Data Protection Authority (ANPD) for the formation of lists to be submitted to president Jair Bolsonaro for nomination. The specialists chosen to be part of the council were picked out of 122 submissions received as a response to the 5 notices published by the data protection authority.

According to the president at the National Data Protection Authority, Waldemar Gonçalves, the input of the CNPD members will be “extremely important in consolidating and disseminating” Brazil’s data protection and privacy policy.

The presidential decree does not report when the CNPD will take office. The CNPD board will meet on an ordinary basis three times a year and on an extraordinary basis whenever called by the chairman of the council.

Brazil’s data protection regulations were introduced in September 2020. At the time, it was determined that organizations would have a grace period of one year to adapt to the new rules, despite attempts to push the sanctions to 2022. The board members of the body responsible for enforcing the regulations, the ANPD, were appointed in October 2020.

From August 1, Brazilian organizations processing sensitive data are subject to fines and other administrative sanctions in cases of violation of the data protection rules. The ANPD has pledged to adopt a “responsive approach” towards organizations failing to comply.