On October 15, 2020, Brazilian President Bolsonaro officially appointed the five directors of the new Brazilian Data Protection Agency (Agência Nacional de Proteção de Dados, “ANPD”), as published in the Brazilia Official Journal. The decree establishing the ANPD, which we reported on, is now fully in force. However, all five nominations are yet to be approved by the Brazilian Senate, which means more steps are required before the ANPD is fully up and running.
The Brazilian Data Protection Act (Lei Geral de Proteção de Dados Pessoais, “LGPD”) provides that these five nominations will have terms of between six and two years. It is also specified that the ANPD will initially be associated with the Brazilian Presidency. The presidency has two years to review the structure of the ANPD. During this time she can convert the ANPD into an independent authority.
The five directors nominated include three with a military background, one from the Brazilian Ministry of Science, Technology, Innovation and Communication and a partner in a Brazilian law firm:
- Waldemar Gonçalves Ortunho Junior – Director-President (six-year mandate), Army Colonel and electronics engineer, currently President of the Brazilian telecommunications company Telebrás
- Arthur Pereira Sabbath (five-year mandate), currently Director of the Information Security Division of the Brazilian Presidency
- Joacil Basilio Rael (four-year mandate), computer engineer who graduated from the Military Engineering Institute
- Nairane Farias Rabelo Leitão (three-year mandate), lawyer and partner in a Brazilian law firm
- Miriam Wimmer (two-year mandate), Director of Telecommunications Services in the Brazilian Ministry of Science, Technology, Innovation and Communication and Professor at Instituto Brasiliense de Direito Público
The five directors will be responsible for setting up a brand new technical data protection authority. The Center for Information Policy Leadership (“CIPL”) has produced a white paper that sets out how the ANPD can effectively fulfill and prioritize its legal responsibilities. Download the paper The Role of the Brazilian Data Protection Authority (ANPD) under the New Brazilian Data Protection Act (LGPD) (Portuguese version here) and access more information on the CIPL and CEDIS-IDP project to effectively implement and regulate the LGPD .
Update: On October 20, 2020, the Brazilian Senate approved all five nominations after a public hearing.