·
Opinions Pillar, which proposes directives for a
National Policy on the subject matter;
·
Information Pillar, to inform the population, companies
and public entities about public rules and policies on data protection and
privacy;
·
Studies Pillar, to promote national and
international studies, in particular in view of the lack of borders pertaining
to use of data;
·
Cooperation Pillar, to cooperate with data protection
authorities, including on an international level;
·
Notification Pillar, to receive communications about
security incidents that may cause damage to data subjects;
·
Investigation Pillar, to file preliminary proceedings, civil
public inquiries and administrative proceedings, also jointly with the natural
prosecutor.
·
Sanction Pillar, to file the competent legal
actions, jointly with the case’s natural prosecutor.
Also, with regard to consumer protection, we point
out to the National Consumer Secretariat
(SENACON), an entity subject to the Ministry of Justice, with
responsibilities prescribed by the Consumer Protection Code (CDC), which had
active roles in some cases involving privacy and data protection in 2018.
Moreover, specific rules were created to
certain areas of the economy. By way of example, Central Bank of Brazil
published Resolution nº 4.658/2018, which
provides for cyber security policy and requirements to contract data processing
and storage services, as well as cloud computing, to be complied with by
financial institutions authorized to operate in this field.
The purpose of these regulations, including the
one issued by the Central Bank of Brazil, is to control how organizations,
companies and the government itself use massive quantities of personal data
produced by them, with a view towards protecting users/individuals from
unauthorized, improper and malicious use. Without effective rules and without
supervision by the competent authorities, collected data may be used improperly,
exposing users, in their capacity as consumers, to risks and occasional losses.
The General
Data Protection Law, enacted in August 2018, will be an essential prop to
support actions undertaken by the competent authorities. Expected to enter into
force only in August 2020, it grants a grace period for companies to conform to
the new data protection regulation. Those who think that this is a long period
are mistaken. The way companies operate will be directly affected and for this
reason a deeper look at the dynamics of data will be crucial, which ultimately
will result in adjustments.
Therefore, from a statutory and regulatory
point of view we notice that Brazil is taking a discerning look at information
virtualization in order to adjust its legal framework to current social facts,
thus ensuring that citizens will have proper assistance and support, when
required.