Assessment of Data Protection in Brazil (EU GDPR, Art. 45, 2)
1. - The Rule of Law in Brazil:
Brazil is a Federative Republic, with a President in charge of the Executive Power, and well established Legislative and Judiciary Powers.
The country has more than 200 million habitants, being a very relevant economy in the World, with a Gross Domestic Product (official exchange rate) higher than 2 trillions of dollars.
The State is divided in the Union, 26 States, and more than 5.000 Municipalities. To Relevant Facts in Brazil concerning the past 20 years (1998 – 2018) access https://decontilawoffice.com/brazil
2. - Human rights in Brazil, fundamental freedoms and social rights:
The Brazilian Federal Constitution protects the rights of intimacy, of privacy, the honor, the image (Article 5, X) and the confidentiality of mail as well as the secrecy of electronic communication means, excepting in cases of criminal justice (Article 5, XII).
Also, it is estated the right to access to information, observing the source’s secrecy when necessary to professional practice (Article 5, XIV), and the right of property (Article 5, XXII), including its social function (Article 5, XXIII). There is habeas data (Article 5, LXXI). Additionally, the Brazilian Federal Constitution, in the Article 5, protects the rights to life, liberty, equality, security and property.
In practical terms, concerning to Violence, even with organized violence trough the nation in some isolated events, the country do not live in civil war, nor in an explicit dictator environment, nor with war with third countries. There is no right to the citizens have guns, as well as there is no death penalty in the criminal legal system. There are about 1 million of lawyers in Brazil (2018).
Concerning to Education, there is a public system of education for all, but the best education (for children and teenagers) is on the private sector, being the scholar years in Brazil divided in Basic Education (for children until 5), the Fundamental Education (from 6 to 14 years), and the Middle Education (from 15 to 17). After these steps, there is the Superior Education in College/Faculty (that can be from 3 to 6 years). Also, there are a lot of post-graduate courses in the country (latu and strictu sensu), as well as the existence of education focused in the professional side. There are about more than 2.000 Institutions of Superior Education in Brazil.
Concerning to Health System, there is the public sector for all, and the private sector for whom can pay. There are about 400,000 doctors in Brazil according to the Federal Council of Medicine (2018’s data).
3. - Brazilian relevant legislation:
1940 - Brazilian Criminal Codex: Law-Decree 2.848/1.940
1941 - Brazilian Criminal Procedure Codex: Law-Decree 3.689/1.941
1943 - Brazilian Labor Codex: Law-Decree 5.452/1.943
1966 - Brazilian Tax Codex: Federal Law 5.172/1.966
1988 - Brazilian Federal Constitution: from 1.988, with 99 Amendments up to 2.018 | comentários-PT
1990 - Brazilian Consumer Protection Code: Federal Law 8.078/1.990
2002 - Brazilian Civil Codex: Federal Law 10.406/2.002
2015 - Brazilian Civil Procedure Codex: Federal Law 13.105/2.015
20__ - Brazilian Digital Codex: probably will exist in the future
1984 - Law on National Brazilian Informatics Policy: Federal Law 7.232/1.984 | artigo-PT
1991 - Law on Brazilian Economical Approach on Informatic and Automation: Federal Law 8.248/1.991
1996 - Brazilian Law on Industrial Property: Federal Law 9.279/1.996 | video-PT
1998 - Brazilian Law of Software: Federal Law 9.609/1.998 | slide-PT
1998 - Brazilian Law of Author's Rights: Federal Law 9.610/1998 | Protocol to Madri Agreement in 2019 | video-PT
1999 - Brazilian Intelligence Agency: Federal Law 9.883/1.999, Presidential Decree 4.376/2.002, Decree 8.905/2.016
2001 - Brazilian Law of Public-Keys Infra-Structure: Norm MP 2.200-2/2001
2002 - Establishment of abusiveness in the act of sending data to third parties without prior consent of the consumer: Norm 05/2.002, of the Secretary of Economic Law of the Ministry of Justice – SDE/MJ
2004 - Brazilian Law in Inovation: Federal Law 10.973/2004
2007 - Electronic medical record of sensitive medical data: Resolution 1.821/2.007, of the Federal Council of Medicine
2009, 2014 - Data of Drugstore users: Resolution n. 44/2.009, of the National Sanitary Surveillance Agency – ANVISA and Federal Law 13.021/2.014
2010 - Defense Center of Cyber Protection from the Brazilian militaries: Norm nº 666/2.010 | doc-PT
2011 - Brazilian Law on Access of Informations of the State: Federal Law 12.527/2011
2012, b - Brazilian Law on Cyber Crimes: 12.735 and 12.737/2.012
2012 - Establishes a mandatory standard to the exchange of data’s user of the Supplementary System of Health: Norm 305/2.012, of the National Agency of Supplementary Health – ANVISA
2014, b - Brazilian Law on Internet: Federal Law 12.965/2.014, Decree 8.771/2.016 | artigo-PT
2018 - Brazilian General Law on Protection of Personal Data: Federal Law 13.709/2018, with amendments by the Federal Law 13.853/2019 | comments-EN
2019 - Brazil in the Madrid Agreement Concerning the International Registration of Marks: Decree 10.033/2019
4. - The access of Brazilian public authorities to personal data:
The natural rule is that public authorities creates, collects and manage data of all citizens, by different metrics. It is common the exchange of data among public entities.
E-government is present in all spheres of government, being the tax return made by eletronic and online way, as well as services from Municipalities and Federative States.
Eletronic judicial process, with existence in all Courts of the country, is the rule in an universe of more than 120 million of judicial process, with only 18.000 judicial judges (at 2018, according to the Brazilian National Counsel of Justice).
At the end, exceptionally, when necessary and if applicable to the concrete case, for an issue of justice’s service, Brazilian Judges can request since banking and tax data to a health personal information or an information that is on a smartphone, aiming to get closer to the truth of the fact in a judicial prove. The Brazilian Federal Revenue uses even social media of citizens to investigate the patrimonial situation, but baking and tax confidentialities are the rules.
5. - Implementation of legislation on data protection rules, professional rules and security measures in Brazil:
- Brazilian General Law on Protection of Personal Data: Federal Law 13.709/2018, with amendments by the Federal Law 13.853/2019
- Concerning to protection rules, in the year of 2018 appears the Law Project n. 53/2018, of the Brazilian House of Deputies.
- Concerning to the IT professional, there is the Law Project n. 420/2016, of the Brazilian Senate.
6. - Rules for the onward transfer of personal data to another third country or international organisation:
- Brazilian General Law on Protection of Personal Data: Federal Law 13.709/2018, Chapter V
- Brazilian Law on Internet (Federal Law 12.965/2.014), Art. 11
- Federal Law 12.965/2.014, Art. 7, VII, VIII, IX, XIII
7. - Effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred:
- Brazilian General Law on Protection of Personal Data: Federal Law 13.709/2018, Art. 17 - 20
- Brazilian Law on Internet (Federal Law 12.965/2.014), Art. 11
- Brazilian Law on Internet (Federal Law 12.965/2.014), Art. 7, XIII + Brazilian Consumer Protection Code (Federal Law 8.078/1.990), Art. 12
- Brazilian Civil Codex, Articles 186, 187, 927
8. - The existence and effective functioning of one or more independent supervisory authorities:
- Brazilian National Authority of Data Protection – ANPD (founded by the Federal Law 13.709/2.018)
- Brazilian Agency of Telecomunications – Anatel (founded by the Federal Law 9.472/1.997)
- Brazilian Internet Steering Committee – CGI.br
- Brazilian National Computer Emergency Response Team – CERT.br
- Entity for the Protection of Consumers – Procon
- Executive Power – Police
- Judiciary Power
Total of cyber attacks in Brazil, according to Brazilian National Computer Emergency Response Team – CERT.br:
accessed at 15th June 2018
8.1. - The Brazilian Internet Steering Committee is composed by 21 members – CGI.br:
-nine representatives from the Federal Government
--Ministry of Science, Technology and Innovation;
--Ministry of Communication;
--Ministry of Defense;
--Ministry of Development, Industry and Foreign Trade;
--Ministry of Planning, Budget and Management;
--National Telecommunication Agency;
--National Council for Scientific and Technological Development;
--National Council of State Secretariats for Science, Technology and Information Issues - CONSECTI.
-Four representatives from the corporate sector
--Internet access and content providers;
--Telecommunication infrastructure providers;
--Hardware, telecommunication and software industries;
--Enterprises that use the Internet.
-Four representatives from the third sector
-Three representatives from the scientific and technological community
-One Internet expert
8.2. - The Brazilian National Authority of Data Protection – ANPD is under the Presidential command, being composed by:
--the Board of Directors, with 5 directors;
--the National Board on the Protection of Personal Data and Privacy, with 23 agents;
--the Interna Corporis Correction Counseal;
--a Legal Department;
--Administrative and Specialized Units
9. - International commitments in relation to the protection of personal data:
- Convention on Mutual Assistance in Tax Issues, of OCDE, with automatic exchange of tax/patrimonial informations among the signed countries (Decree 8.842/2.016), observing the Article 22 regarding to the secrecy of the exchanged personal data.