3/29/2022
In October 2021, the Brazilian National Data Protection Authority (“ANPD”) and Agéncia Española de Protección de Datos (“AEPD”) signed a Memorandum of Understanding (“MoU”) to promote the development of joint actions for the dissemination and practical enforcement of data protection regulations. Since then, the assessment of the Spanish authority´s practices have become important to foresee the ANPD’s performance in 2022, especially in inspection and sanctioning processes, such as the application of fines.
Thus, a recent study published by L.O.Baptista’s Innovation & Technology team, led by partners Esther Jerussalmy Cunha and Fabricio B. Pasquot Polido, analyzed the indicators produced by several data protection authorities around the world, among them the authorities of the Member States of the European Union and the United Kingdom, as well as other strategic countries in the Americas. The objective of the study was to establish a potential evaluation and prognosis on the ANPD’s development, in particular regarding the regulation of administrative sanctions for violations of Law No. 13,709/2018 – General Data Protection Law (“LGPD”).
According to the study L.O.Baptista conducted, it was found that with regard to sanctions, including fines, the European Union and the United Kingdom are moving toward the imposition of heavy fines, which are becoming increasingly common among national authorities, while in other countries infraction notices and educational measures are more frequent. In addition, some industry sectors have been hardest hit, such as online advertising/marketing, retail, telecommunications, media, and financial/banking, with values ranging from €1,500.00 to €780,000,000.00.
In view of the recent MoU signed with the Spanish authority, which came along simultaneously with the ANPD’s entry as a member of the Ibero-American Data Protection Network, monitoring the actions of the Spanish authority has become essential to its Brazilian counterpart. One could foresee whether the ANPD will follow an approach more focused on the application of heavy fines, or whether it will favor the application of infraction notices and provide educative measures. According to GDPR Enforcement Tracker, Spain is the country with the highest number of fines up to now (387 fines, totaling 44,996,610.00 euros), followed by Italy (129 fines, totaling 137,218,096.00 euros) and Romania (74 fines, totaling 736,950.00 euros).
Likewise, according to the Director of the ANPD, Miriam Wimmer:
“It is important to mention that this articulation effort, which takes place both domestically and internationally, has also resulted in a very productive dialogue with Personal Data protection authorities from other countries and also public agencies and entities responsible for this matter. I could mention, for example, the dialogue with the European Commission, with the Information Commissioner’s Office (UK), with the Federal Trade Commission (USA), with the Hesse Data Protection Authority (Germany), as well as a cooperation agreement already formally established with the Spanish Data Protection Authority (AEPD). […] This cooperation effort reflects the ANPD’s desire to learn from the experience of other agencies and entities, identify best practices and move towards international harmonization on the subject.”
Both data collected and the analytical research previously conducted by L.O Baptista allow stakeholders to follow up the development of the closer collaboration between AEPD and ANPD. One could further assess whether ANDP will be guided by a more sanctioning approach, prioritizing the application of (high) fines rather than educative or prevention-oriented approach. Yet this article, as well as our study recently released, is not intended to establish any definitive opinion on ANPD´s guidance, but rather to provide stakeholders with a closer look at the regulatory tasks performed by data protection authorities around the globe and offer a concise guide for economic agents and data protection specialists.
Coauthors: Ana Carolina Gontijo, Fabrício Bertini Pasquot Polido and Denise de Araújo Berzin Reupke
