The approval of the Data Protection Law (Law 13709/2018) is an important landmark for the privacy protection in Brazil, however, the complexity of the law and its implementation raises several doubts, both for the consumers as in for the companies that need to comply with the new legislation.

The main point of change imposed by the new law is the need to communicate and inform what data will be collected, how it will be used, its analysis (treatment) and, finally, for what purpose the data will be collected (commercial purposes, advertising , etc…).

The difficulty in achieving this openness is that certain business secrets can be reached (communicated) through the communication to the user, which can negatively impact several companies. On the other hand, from the user’s point of view, there is a question of how to evaluate if your data is actually being used for the purposes presented and in the limit of the form initially described by the company.

The next step of the legislation implementation will depend on the market’s adherence and on the supervision of the State and the its users, which is also another point of conflict, especially considering that the creation of supervisory authority was vetoed when the law was enacted, which creates a series of doubts regarding how data protection legislation will be implemented and, above all, monitored.

Lawyer Author of the Comment: Luciano Del Monaco