Data protection watchdogs have issued a resolution determining when and how this is allowed. Companies will have to review their contracts
Welcome to our Tech Roundup, where we bring you the biggest stories in technology and innovation in Brazil and Latin America. This week: A new regulation regarding transferring data from Brazil to other countries.
Brazil sets rules for transferring personal data to other countries
Brazil’s National Data Protection Authority (ANPD), similar to the European Union’s GDPR authority, has published new rules regulating how personal data can be transferred abroad. These rules follow a public consultation process that began in 2022, gathering over 1,700 contributions.
Key points. According to Brazil’s data protection law, personal data can only be sent to countries with similar privacy protections or when companies ensure, through contracts, that Brazilian standards will be met.
Only the actual transfer of data by a company or organization to another entity abroad is regulated. Routine data flow, such as within a company, is not considered a transfer.
Since there’s no official list of safe countries yet, the ANPD has provided standard clauses that must be included in contracts.
Companies have 12 months to comply with the new rules.