Privacy & Cybersecurity Law Blog

On August 26, 2020, as reported by Brazilian firm Mattos Filho, Veiga Filho, Marrey Jr. e Quiroga Advogados, the Brazilian Senate unexpectedly rejected the President’s Provisional Measure that was previously passed by the House of Representatives and aimed to postpone the applicability of the new Brazilian data protection law (Lei Geral de Proteção de Dados Pessoais, or “LGPD”). The LGPD now will come into effect when the President signs the bill within 15 days of receiving the bill from Congress. The LGPD’s sanctions provisions, however, will continue to apply from August 1, 2021. The President also has issued a decree creating the new Brazilian data protection authority.

As we previously reported, the Brazilian President issued a Provisional Measure temporarily delaying the applicability of the LGPD to May 3, 2021. For this Provisional Measure to become permanent, it had to be approved by both houses of Congress within 120 days—i.e., by August 27, 2020. Congress had the option of (1) rejecting the delay, in which case the LGPD would apply from its original date (August 14, 2020); (2) approving the delay to May 3, 2021; or (3) deciding on a new applicability date.

On August 25, 2020, the House of Representatives voted to modify the applicability date of the LGPD to December 31, 2020. However, on August 26, 2020, the Senate rejected any delays to the LGPD’s applicability. As August 26, 2020 was the last day for the Provisional Measure to be transposed into law, there is no longer time for further modification, and the LGPD will become valid once the President signs the bill, with a retroactive applicability date of August 14, 2020.