2018: An astral conjunction

Observatory’s Memory: Episode 3/5

A series of factors creates the perfect conjunction for the approval of the Brazilian General Data Protection Act. This scenario results in a “horse race” between two bills: the one that was pending in the Senate and was favoured by the Temer government, and the one pending in the House, which had a more significant participation from various sectors of the society.


In early 2018, the expectations for the approval of any of the Bills on data protection were low. However, the year brought a series of factors that were called an “Astral Conjunction” by Danilo Doneda, making  the LGPD come true.


On March 18th, the Cambridge Analytica scandal haunts the world with the revelation that the political marketing company used data collected from Facebook on targeted advertisements that had influence on Donald Trump’s election,  and on the UK’s exit from the European Union ( Brexit).


On April 13th, the Brazilian government’s wish to enter the Organisation for Economic Co-operation and Development (OECD) becomes public. However, the OECD requires, as a good practice, the regulation of personal data processing, as well as an independent and autonomous supervisor authority.


On May 25th, the EU’s General Data Protection Regulation (GDPR) takes effect, which on the one hand, forces multinationals to comply with the new rule, and on the other hand, intensifies the need for more legal certainty in the use of data in Brazil.


In the House of the Representatives, a petition requires the approval of Bill 5276 before the house gives continuity to the processing of the Positive Register, a primary economic agenda of Michel Temer’s government (Brazilian Democratic Movement).


In addition, the successive accusations of corruption against Temer weaken the Executive before the Legislative. With a short deadline for the approval, due to the proximity of both the 2018 World Cup  and the presidential elections, the perfect scenario for the creation of the LGPD arises.


On April 17th, the Senate promotes a Thematic Session on personal data protection, marking the first time that the subject is fully discussed in one of the Houses of the Brazilian Congress.


Although Bill 5276 is originally from the Executive, Temer’s team clearly prioritizes Bill 330, at the Senate.


In April, the president of the House, Rodrigo Maia (Democrats), promotes a meeting with several parliamentarians and entities in order to ‘’unlock’’ the voting of the Positive Register. With the presence of Idec (Brazilian Consumer Defense Institute) and some Procons (Consumer Protection), the message was clear: the LGPD needed to be approved.


A few days later, Maia gathered Orlando Silva, parliamentarians and entities that were involved in the discussion in order to understand what was necessary to move forward with the Bill. The doors were open to vote on the LGPD, and the only thing missing was to reach a consensus regarding the final text.


In order to reach this consensus, Orlando sits at the table with all interested parties and establishes an unusual procedure: a read-through where all of the project’s aspects would be discussed, one by one


In total, four meetings are led by Orlando where civil society, academia and the private sector come to an agreement and establish a partnership on what the final text should be. The general maxim is that if no one  is 100% satisfied, then that is the best possible version.


With the theme of data protection gaining momentum, the rhythm of the processing also accelerates in the Senate, and the two Bills enter in a sort of ‘’horse race’’, a dispute to approve each text first and then have the final word on it.


With a writing that was more favorable towards the private sector and also ignoring the public sector’s role, Bill 330 is the government’s preference, as well as that of several companies.


As the race between the bills heats up, some strategies are created and Orlando Silva’s team prepares Bill 5276 to be voted as soon as possible.


The dispute between the houses reaches its end on May 29th. Bill 330 is supposed to be voted in the Senate, but the session is ended before that happens. Soon, Bill 5276 is unanimously approved at the House.


The unanimity was important to give weight to the text and protect it from changes once it was sent to the Senate, in addition to guaranteeing a speedy process. To ensure all that, there is a strong work of articulation on the sidelines.


The text arrives at the Senate in early June and on the 14th a letter is published for the creation of an Independent Data Protection Authority, signed by entities from the private sector, civil society and academia.


On June 25th,  a second letter was launched, this time led by Brasscom (Brazilian Association of Information and Communication Technology Companies), for the approval of the text passed by the House without any modifications in the Senate. Signed by more than 80 entities, it resulted in the rise of a large multi-stakeholder coalition in defense of the LGPD.


At this moment, several sectors of the private initiative that had not participated in the discussion until then try to change the Law’s content – an unsuccessful attempt.


Under the leadership of senator Ricardo Ferraço, the text is approved in the Senate with formal modifications only, without any change in its content. Therefore, it is directly sent for President Michel Temer to sign into law.


Within the Executive Branch, there is significant pressure for Temer to veto a large portion of the text – or even to make a full veto. Gustavo da Fonseca Rocha, the then special secretary of Human Rights, was fundamental to slow down this movement.


During the same period, representatives from several private entities manage to reunite with Michel Temer to convince the President of the importance of signing the LGPD into law.


On August 14th, Temer finally signs the LGPD into law. However, he makes a series of vetos. The one which draws most attention is about the creation of the independent National Data Protection Authority (ANPD in the Portuguese acronym). The justification is that there was an initiative defect: the body could not have been created through the Legislative.


While in Brazil for the 9th CGI.br Privacy and Personal Data Protection Seminar, in early August, the director of the data protection area from the Council of Europe meets Aloysio Nunes, Minister of Foreign Affairs at the time. At the meeting, Aloysio asks for Brazil to become an observer of the Convention 108+, which deals with the subject at a  global level.


On December 28th, one of the last days of his mandate, Temer finally delivers on the promise and creates an Authority through the Provisional Measure 869/2018. However, as opposite of the expected independence, the text establishes an organization subordinated to the  Presidency of the Republic. The repercussions are negative.