November 14, 2018

Deliverability 101: Brazil’s new privacy legislation is similar to the GDPR.


In August 2018, the Brazilian parliament passed Law No. 13,709, a new privacy law known as the Brazilian General Data Protection Law (GDPL), updating and amending the existing “Brazilian Internet Law” of 2014.

This is another example of major global economies updating outdated privacy legislation to provide more consumer-favored legislation, similar to the GDPR. There are several striking similarities between the Brazilian GDPL, GDPR, and the OECD Privacy Framework, so please bear with us as we drop some legalese on you.

Brazil’s new privacy regulation covers many of the same items we’ve seen in other major privacy laws in recent years, including items classifying data into categories such as personal data, sensitive data, and anonymized data. These are further defined within the legislation as follows:

  • Personal data: Information regarding an identified or identifiable natural person;
  • Sensitive personal data: Personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data, when related to a natural person;
  • Anonymized data: Data related to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of the processing

Article 6 of the GDPL covers a wide range of items aligning with the OECD Privacy Framework, specifically those calling for accountability, accuracy, limitations, purpose and notice of data being collected as well as open access, ability to update and correct information collected on the data subject. The law also notes acceptable security measures need to be implemented and requires assurances that data will not be used in a nondiscriminatory or unlawful manner.

There are several other similarities between the GDPR and the GDPL when it comes to processing sensitive data, data related to minors, data subject rights, and when data should be deleted. There are also similarities regarding data portability, access and correction of data, and the international transfer of consumer data controllers will need to incorporate into their agreements and contracts with data processors.

While there are several similarities to the GDPR and the GDPL, the penalties and enforcement structures are substantially different, as the regional Information Commissioner’s Offices (ICOs) in the EU and the addition of ePrivacy add another level of complexity to the equation. However, in our opinion, if you already managed your internal processes for GDPR, you will need to only make minor changes to be in compliance with the GDPL when it is enforced in February 2020. We advise you to speak with appropriate legal council to see how this new law may impact your business and practices.

*The information contained in this presentation is provided for general informational purposes only and should not be construed as legal advice from 250ok Inc. or the individual author.*

Author: Matt Vernhout

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (CIPP) with more than a decade of experience in email marketing. Matt is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee.

You may also like...

The Year in Email 2018

The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders have been naughty or nice. Another year in email is coming to a close, and boy, what a ride. While most thought leaders are busy making predictions about 2019, we like to learn from the past to […]

Poorly designed emails could cost you millions of dollars. But what does that really mean?

We partnered with the smart folks at Lab42 to research what people really think about marketing email. Do they like how they look on their preferred device? Do they prioritize the same design elements you do? If you’re not aligned with your recipients, you could end up sending unwanted, unsatisfying email. You know what that […]

The Year in Email 2017

Can you believe it? The year 2017 is coming to a close and what a year it has been in the email ecosystem. Email’s staying power continues to flex its muscles as a dynamic channel that can adapt to the ever-changing landscape of digital marketing. This past year saw many changes, trends, and announcements that […]

Ready to get started?