Brazil’s long-anticipated data protection law, Lei Geral De Proteção de Dados Pessoais (“General Law for Data Protection” or “LGPD”), now appears positioned to take effect in a matter of days. Ever since the law was originally passed in August 2018, implementation and enforcement timelines have been in flux. In a rather sudden turn of events last week, however, dramatic back-to-back votes by each house of Brazil’s National Congress now put the substantive provisions of the LGPD on track to take effect in a few days’ time, upon approval by Brazil’s president. The LGPD’s administrative fines and sanctions provisions remain scheduled to take effect next year in August 2021. READ MORE
Website providers that collect dynamic Internet Protocol addresses (“IP address”) from website visitors may soon be subject to even more scrutiny from data protection authorities in the EU.
Last week, Europe’s Advocate General Manuel Campos Sánchez-Bordona (one of the advisors to the European Court of Justice, “ECJ”) released an opinion which, if followed by the ECJ would end a long debated question whether IP addresses are personal data subject to EU data privacy law. The Advocate General takes the view that dynamic IP addresses are personal data when being in the hands of a website provider when a third party (e.g. the internet access provider) has access to additional information that would enable identification of the Internet user.
After 4 years of negotiation, today the European Parliament adopted the General Data Protection Regulation (“GDPR“). In doing so, it signaled the end of the EU approval process and put businesses on alert that they now have two years to prepare for compliance.
The finalization of the GDPR has implications not only in the EU but globally. Businesses around the world that wish to operate in the EU, provide services and goods to residents in the EU, or monitor the behavior of residents in the EU, will need to comply with the new laws.
The GDPR builds on existing EU privacy laws but includes significant changes which increase the protections already afforded to personal data.