Post by account_disabled on Mar 12, 2024 21:25:47 GMT -6
According to an article published in an important national newspaper, “the Union estimates that it will collect at least R$20 billion in fines in the first 12 months of the General Data Protection Law (LGPD) being in effect.” The official estimate, if true, is completely inappropriate and prematurity. This is because the National Data Protection Authority (ANPD), still embryonic, will have, in its first steps, an eminently pedagogical – and not sanctioning – function, with it being responsible for imposing broad and prior governmental action for the exact collective clarification regarding the new legal determinations.
Illustratively, the LGPD assigned the public authorities the task of “promoting among the population knowledge of public standards and policies on the protection of personal data and security measures” (article 55-J, VI). In the same step, the National Data Protection Council was determined to have the duty to “disseminate knowledge about the protection of personal data and privacy to the Portugal Mobile Number List population” (article 58-B, V). In other words, it is clear that the ANPD, before wishing to assert its punitive impulses, must establish an effective administrative program regarding the limits, possibilities, duties and obligations provided for by law.
Although the LGPD will only come into full force in August 2020, the fact is that such a period is absolutely limited to the full understanding, interpretation and adequacy of conduct. The law, it is emphasized, is excessively complex. This does not mean that the vacatio legis must be extended, but that the public authority must immediately begin its efforts in the pedagogical field. And one detail: the regulations and standards published by the ANPD must be preceded by public consultation and hearing, as well as regulatory impact analyses.
Now, it is well known that the fair effectiveness of legality presupposes a necessary period of systemic maturation. Even because it's one thing to put the law on paper; another, completely different, is to adapt it to the reality of life. In this case, the LGPD is a standard that is here to stay, with the digital transformation of businesses as its final guide, through the optimized protection of attributes and data relating to personal dignity.
Yes, advances in technology, especially in artificial intelligence instruments, make the slogan " data is the new money " common. Therefore, in light of the constitutional guarantee of intimacy and privacy, especially sensitive data must be subject to firm, safe and effective legal protection. To this end, the LGPD imposes vertical corporate restructuring duties, as well as on legal entities governed by public law. Undoubtedly, in its evolutionary curve, the law will promote numerous institutional advances in organizations, improving the informational flows of life in society.
However, it is absolutely impossible to instantly conform to the numerous legal dictates, requiring conscious and gradual supervisory monitoring, respecting the economic capacity of private companies. On this point, there is an express order for the ANPD to “edit simplified and differentiated standards, guidelines and procedures, including deadlines, so that micro and small businesses, as well as business initiatives of an incremental or disruptive nature that declare themselves startups or companies of innovation, may adapt to this Law” (article 55-J, XVIII).