BRAZIL Law and Practice Contributed by: Ricardo Barretto Ferreira da Silva and Camila Sabino Del Sasso, Azevedo Sette Advogados
• Law No 14,510/2022 – regulates telehealth services through patient’s consent; and • Recommendation No 73/2020 and Resolu - tion No 363/2021 of the National Council of Justice ( Conselho Nacional de Justiça , or CNJ) – they guide the bodies of the Judiciary to adopt measures to comply with/adapt to The LGPD applies to Brazilian companies and also to foreign companies that process per - sonal data of individuals located in Brazil, which means that foreign entities that offer goods or services to Brazilian citizens – or that process their data – must comply with the LGPD, regard - less of where they are based. the provisions of the LGPD. 8.2 Geographical Scope Foreign companies must respect the rights of Brazilian data subjects, including the right to access, correct, delete and port their data. Even if the company is located outside Brazil, it must have appropriate mechanisms in place to allow Brazilian individuals to exercise these rights. In addition, the LGPD permits the cross-border transfer of personal data from Brazil to other countries, but only under specific conditions. The recipient country must ensure an adequate level of data protection or the company must provide safeguards such as standard contrac - tual clauses or obtain explicit consent from data subjects. It is also important to note that Brazil’s Digi - tal Government Law requires that government entities comply with the LGPD. This extends to any international data sharing with foreign gov - ernments or entities involved in public-sector operations.
In summary, foreign companies that process Brazilian data or target Brazilian customers must ensure compliance with the LGPD to avoid legal issues and potential penalties, as well as to pro - tect their ability to operate in Brazil. 8.3 Role and Authority of the Data Protection Agency The National Data Protection Authority ( Autori- dade Nacional de Proteção de Dados , or ANPD) is responsible for ensuring the protection of per - sonal data, guiding, regulating, and overseeing compliance with the Brazilian General Data Pro - tection Act in the national territory. The ANPD is an independent body within the indirect federal public administration and is connected to the Ministry of Justice and Public Security. The agency has technical and deci - sion-making authority, with its own assets, and is responsible for the following functions: • drawing up guidelines for the National Per - sonal Data Protection and Privacy Policy; • promoting the dissemination of knowledge about the rules and public policies related to the protection of personal data and security measures; • promoting and preparing studies on national and international practices for the protection of personal data and privacy; • encouraging the adoption of standards for services and products that make it easier for data subjects to exercise control over their personal data; • supervising and applying sanctions in the event of data being processed in violation of the legislation.
80
CHAMBERS.COM
Powered by FlippingBook