You are currently viewing ANPD Approves New Rules on International Data Transfers



This title is concise yet complete, compelling, and accurately reflects the content.
Representation image: This image is an artistic interpretation related to the article theme.

ANPD Approves New Rules on International Data Transfers This title is concise yet complete, compelling, and accurately reflects the content.

10, which sets forth the guidelines for the implementation of the General Data Protection Regulation (GDPR) in Brazil. This resolution is a significant step towards aligning Brazilian data protection law with the EU’s GDPR. The ANPD Resolution No.

Definitions Pursuant to the Regulations, international data transfers occur when personal data is transferred from a Brazil-based exporting agent to an importing agent located in another country. “International data collection” is defined as the collection of personal data directly from the data subject by an entity located abroad. Such collection is not considered an international data transfer, although the entity collecting the personal data must comply with the provisions of the LGPD if it falls within the territorial scope established in Article 3 of the LGPD. Both controllers and processors must adopt effective measures to ensure and demonstrate compliance with the Regulations. The effectiveness of such measures must be compatible with the level of risk associated with the data processing and the international transfer mechanism used.

* **Data Transfers: Legitimate, Specific, and Informed**
* **Data Transfers:

* **Legitimate and Specific Purposes:** Data transfers must be for a specific, legitimate purpose, not for general or indiscriminate purposes. * **Informed Consent:** Data subjects must be informed about the purpose of the transfer and the legal basis for the transfer. * **Further Processing Prohibition:** Any further processing incompatible with the notified purpose is prohibited.

1. **Data protection measures are evaluated based on a comprehensive assessment of their potential benefits and risks, their impact on international data flows, and other relevant factors.**
2. **The adequacy of data protection measures is determined by a rigorous evaluation that considers the potential benefits and risks, the implications for international data flows, and other relevant factors.**
3.

The summary provided outlines the key aspects of a potential agreement between Brazil and other countries or organizations. The agreement focuses on fostering reciprocal treatment and facilitating the free flow of data between Brazil and its partners. **Detailed Text:**

The proposed agreement between Brazil and other countries or organizations holds significant implications for the global landscape, particularly in the realms of diplomatic relations, international trade, and international cooperation.

A. The Legal and Contractual Framework of Goods Transfer
**

The transfer of goods from one party to another is a complex process that involves various legal and contractual obligations. A key aspect of this process is the transfer of ownership, which is typically governed by a contract. The transfer of ownership must be clearly defined and documented in the contract, and it must be legally binding.

Equivalent and Specific Standard Contractual Clauses The ANPD may recognize the standard contractual clauses of other countries or international organizations to be equivalent, provided they are compatible with the provisions of the LGPD. This feature differs from other data protection regulations worldwide, such as the General Data Protection Regulation (GDPR), and is designed to provide more consistency in companies’ international data transfer practices. Additionally, controllers may request the ANPD to approve specific contractual clauses for international data transfers, provided the controller can guarantee compliance with the principles and rights set forth in the LGPD. Such clauses would be permitted when the standard clauses are not feasible due to exceptional circumstances, and would need to be subject to Brazilian law and ANPD oversight.

The agency will assess proposed clauses for their alignment with the LGPD, ensuring they offer equivalent data protection levels comparable to Brazilian standard contractual clauses. Their feasibility, including potential impacts on international data flows, diplomacy, global trade, and international cooperation, will also be considered. Clauses with broader applicability across similar scenarios will be favored.

* **Global Data Security and Privacy: A Unified Approach**
* **Secure Data Transfer:

These rules ensure that data is transferred in a secure and compliant manner, adhering to international standards and regulations. **Key Features:**

* **Group-wide Applicability:** Global corporate rules apply to all organizations within a corporate group, regardless of their location or legal structure. * **Data Security and Privacy:** These rules prioritize data security and privacy, establishing protocols for data encryption, access control, and data breach response.

**1. Data Processing Responsibility and Data Subject Rights:**

The rules must clearly define who is responsible for processing data. This could involve a central data protection officer (DPO) or a designated team within the organization.

Deadlines The Regulations came into effect on the date of publication, August 23, 2024. Data processing agents conducting international data transfers through contractual clauses have up to 12 months (until August 22, 2025) to incorporate the ANPD-approved standard clauses into their contracts. A non-official English version of the Regulations is available here. The official text in Portuguese is available here. For further information on this topic, please contact Mattos Filho’s Data Protection & Cybersecurity practice.

Leave a Reply