On August 14, Brazil's president enacted the Brazilian General Data Protection Law under which personal data will be protected regardless of how it is collected or stored (source document in Portuguese). The bill established that personal data may be processed under only 10 scenarios, which included: express consent, compliance with legal obligation, protection of life or physical integrity, performance of a lawful agreement, or in the legitimate interest of the entity responsible for the data processing or a third party. The president vetoed a proposed regulation that would have created a National Data Protection Authority (Autoridade Nacional de Proteção de Dados) to oversee data protection regulation. For information, please see our Jones Day Commentary.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.