Follow on Google News

Sectors that handle large volumes of data should participate in the structuring of the ANPD

The recent approval by the Federal Senate of the members of the board of the National Data Protection Authority (ANPD) appointed by the Presidency of the Republic is just the first step in the process of setting up the Authority and the guidelines that will guide its structuring.

The approval of the General Law on the Protection of Personal Data (LGPD) was a major step forward for legal certainty and the country's economic, technological and social development. But the law has numerous provisions that require regulation by the competent authority.

This feature explains why the ANPD is essential for Brazilian organizations to work with more legal certainty regarding their compliance with the new law, preserving the balance between the protection of personal data and the expansion of the digital economy.

Due to the importance of using data in the most diverse activities and the rapid growth of the digital economy, which promotes the use and sharing of data in each country and globally, it is essential that sectors that handle large volumes of data participate in this process.

To use an example I know, that of credit protection service companies, it's worth noting that the sector processes around 150 million individuals' and companies' data, using only information necessary for the legitimate purpose of providing credit assessment and in an environment of total information security.

With high investments in innovation and the adoption of strict information security policies, the processing of data for analyzing and granting credit to people and companies is at the heart of credit bureaus, which provide support services for financial and commercial relations.

The bureaus are an important instrument for generating trust and security in the credit market, working very closely with banks, fintechs and financial startups, which are increasingly present in the Brazilian market.

ANBC participated in the drafting of the LGPD

The National Association of Credit Bureaus (ANBC), on behalf of the sector, actively participated in the construction of the personal data protection bill, and presented numerous suggestions for the main concepts relating to personal data, especially those directly linked to the credit market.

Because of its involvement in the process, and because of the international experience of credit bureaus in handling data with respect for privacy, the sector has made itself available to support and provide input to the activities that will be carried out within the framework of the National Data Protection Authority and the Advisory Council of the Personal Data Protection Authority.

The representatives of the credit bureaus considered the positions of the nominees for the ANPD's Board of Directors to be in line with the wishes of the market and society during their hearing in the Federal Senate.

Among these positions, it is worth highlighting the view that the Authority should favor constructive engagement, reward appropriate behavior and use punishments only as a last resort. It also intends to listen to all sectors in the formulation of the National Personal Data Protection Policy and to act with transparency and innovation in order to guarantee that personal data is shared responsibly.

Also noteworthy is the proposal to take action to facilitate the country's inclusion in global value chains, for example, by urgently regulating international transfers. Finally, it is worth highlighting the concern with cyber security, which is considered fundamental to providing adequate protection for personal data and a guarantee of privacy for the data subject.

ANPD in OECD report on digital economy

The immediate functioning of the ANPD is so important for Brazil that the Organization for Economic Cooperation and Development (OECD), a body to which Brazil has been applying for membership, has just launched report on the country's digital economy, with recommendations for improving confidence in the digital economy.

The OECD suggests that the country should re-evaluate the conditions set out in Article 55-A of Law 13.709, to guarantee the full independence of the ANPD from the outset, and that the rules for appointing the ANPD's Board of Directors and the National Council for the Protection of Personal Data and Privacy (CNPDP) should be transparent, impartial and based on technical knowledge.

The document also warns that the LGPD is silent on how the entities will manage the disagreements that arise, that clear rules need to be established regarding decision-making within the ANPD and its implementation by the Board of Directors, that a predictable budget needs to be guaranteed for the ANPD and that the Brazilian Strategy for Artificial Intelligence needs to be aligned with the General Data Protection Law and other relevant legal frameworks in cooperation with all actors.

ANPD Board of Directors

Because it involves all sectors and segments of the Brazilian economy, the credit bureau sector also believes that the ANPD's Board of Directors and staff should have ample availability to know the specificities of each segment, and technical expertise in areas such as information security, the development of the digital economy and digital transformation, as well as knowledge of regulatory convergence, certifications and international best practices.

At the same time, the sector also believes that the ANPD should develop its activities in harmony with other bodies responsible for regulating specific economic activities, as has happened in other countries that already have data protection legislation.

And as the LGPD itself makes explicit, which defines that the ANPD must liaise with other public regulatory authorities to exercise its powers in specific sectors of economic and governmental activities subject to regulation.

In the sector's view, without the strategic guidance of the ANPD, the multiple interpretations of other public spheres will tend to cause legal uncertainty and many lawsuits, which could be avoided in most cases by prior instructions and guidance from the competent Authority.

Finally, we believe, as described in an open letter sent to the country's main authorities and signed by more than 70 organizations representing the most diverse economic sectors, that it is up to all of us - government, society, controllers and operators of personal data in the private sector - to ensure that the LGPD is respected, as everyone is responsible for exercising digital rights in a sustainable manner.

Thus, the creation of the ANPD, its internal structure and the regulatory pieces must be based on broad and unrestricted public consultation, with guidance and education of organizations and citizens around these rules.

Published in: https://www.jota.info/

Thanks for reading! Access other content at ANBC website.

By: Elias Sfeir President of ANBC & Member of the Climate Council of the City of São Paulo & Certified Advisor