Brazilian President Michel Temer has signed a new data protection bill into law designed to give citizens control over their information online. The new law will come into effect in 18 months and will prevent the commercial use of information such as names, telephone numbers and addresses without users’ consent.
The new rule is applicable to any public or private organization involved in collecting and storing user data. Under the new law, consumers have the right to know what personal information is being collected by companies, the purpose behind it, and the name of the companies that are sharing this data.
The consumers also have the right to direct companies to delete their information and not to sell it.
Organizations that fail to comply with this regulation could be penalized around 2 percent of the company’s earnings to a maximum of $12.8 million, ZDNet reported.
As per the new law, users must be immediately informed in case of a data breach and the party storing their data will be held responsible for any damage caused.
While the new law primarily focuses on the protection of users’ and businesses’ data, there were several items in the original draft that have been rejected by the Brazilian president. This includes the creation of a new government body dubbed the National Data Protection Authority, non-sharing of citizen information with the government agencies and the private sector.
The debate on Brazil’s data protection bill started back in 2012.
The Brazilian government failed to take any action about data protection for almost 6 years. However, the EU’s newly introduced GDPR forced the government to take a concrete decision. GDPR was introduced worldwide on May 25, 2018 to enhance the data protection and privacy of all individuals.