The Brazilian General Data Protection Law & the Municipal Elections

Ronaldo Lemos’ weekly column in the Folha de São Paulo newspaper

published in

19 de November de 2020


{{ its_tabs[single_menu_active] }}


Message abuse by Whatsapp messenger can infringe the Brazilian General Data Protection Law (known as LGPD, in Portuguese).

After one of the longest, most tumultuous legislative processes in Brazilian history, the LGPD finally came into force on Friday (18).

For those of you not following the topic, it is a comprehensive law that creates new rights and duties regarding any use of digital data.

It is a law just as important as the Brazilian Consumer Protection Code was at the start of the 90s. Today, for many, it’s unthinkable for a store to refuse a return on a faulty product.

Well, the LGPD will have a similar impact. It allows the owner of data (which includes all of us) to ask for rectifications, check what data exists on them, and also request to stop analysis on their data.

The word “general” isn’t in the law for no reason. Every person and company that uses digital data has to obey it. That includes not only businesses, but also governments, public entities, political parties, and the candidates themselves. The impact on the 2020 Brazilian municipal elections is immediate and extremely relevant.

In the past years, there were several scandals about misuse (and abuse) of voter data during the electoral process. With the LGPD coming into force in Brazil, there’s the possibility of significant change happening in the political campaigns.

According to the law, the candidate and their party are considered “controllers” of any data they possess. Businesses hired by the parties and their candidates, which use the data, are considered “operators”.

All have something in common: they pay a fine of up to R$ 50 million if they infringe this law.

For example: parties, candidates or contracted companies can only use voter data if the person freely consents beforehand, allowing its usage. This consent can not be presumed or implicit. It is required that the voter actively manifests their desire (and that there is proof) for the data to be used.

A basic example is the use of Whatsapp mailing lists. If a party has the cellphone number of a voter, that’s a piece of personal data. And to send a message to that number, the rule applies: the party needs prior consent.

The voter can ask parties and candidates to reveal what information they have on them and request their data to be deleted. Any misuse can be punished with the fine mentioned before.

It’s true that law 13.709 postponed until August 2021 the application of administrative penalties by the LGPD. However, this delay is respective to penalties by the National Authority on Data Protection, which hasn’t even been created yet.

Today, nothing is stopping the Judiciary itself from applying the penalties described by the LGPD law. Therefore, parties, candidates, and hired businesses will have to rethink carefully their data policy.

The use (and abuse) of Whatsapp Messenger, which was a hallmark of the previous election, on this election will be considered not only as an electoral infraction, but also an infraction of the LGPD.


It’s gone: Believing that LGPD won’t be put into force in Brazil

Now in: A storm of complaints on Reclame Aqui (a Brazilian consumer complaints website) regarding misuse of data

Coming up: A storm of complaints by voters regarding misuse of data

{{ pessoas.pessoaActive.title }}