Support Centre

Latin America

News

Insights

November 2024

Brazil: Data transfers - A new regulation in Brazil with SCCs

The transfer of personal data across borders is an integral part of business operations and communication. International data transfer (IDT) encompasses the transmission of personal information from one country to another or an international organization.

The General Data Protection Law (LGPD) in Brazil provides a comprehensive legal framework to regulate such transfers, ensuring that the rights and protection of Brazilian citizens are upheld. The Brazilian IDT mechanisms are similar, but not identical to the ones established in the General Data Protection Regulation (GDPR) of the European Union. The Brazilian legal framework provides that IDTs are allowed in Brazil in multiple circumstances, such as to countries that provide an adequate level of protection, when using Standard Contractual Clauses (SCCs) defined by the data protection authority (DPA), specific contractual clauses, Binding Corporate Rules (BCRs), seals and certificates, and other lawful grounds as further detailed in this article.

On August 23, 2024, the Brazilian DPA (ANPD) issued Resolution No. 19/2024 to regulate some of the mechanisms that allow IDTs in Brazil, including the proceeding to acknowledge a country or organization as providing adequate protection, SCCs, specific contractual clauses, and BCRs. Other mechanisms of international transfer are not regulated by Resolution No. 19/2024.

Alan Campos Elias Thomaz, of Campos Thomaz Advogados, discusses how IDTs are regulated in Brazil and the mechanisms organizations may implement to comply with the LGPD.

October 2024

Argentina: Evolution of AI regulations and the Argentine situation

In this Insight article, Gustavo Bethular and Sofia Grassi, from RCTZZ, explore the evolution of artificial intelligence (AI) regulations and Argentina's role in shaping them. As AI technology advances rapidly, Argentina has actively participated in international initiatives while facing challenges in adapting its domestic legal framework. The article highlights Argentina's efforts to balance innovation, public safety, and ethical considerations in AI regulation.

August 2024

Argentina: Regulatory requirements for financial entities and third-party service providers

In this Insight article, Gustavo Bethular, Hernán Camarero, Eduardo Bellocq, and Sofia Grassi, from RCTZZ, discuss the critical role of cybersecurity in Argentina's financial sector, emphasizing the importance of adhering to the Central Bank of Argentina's (CBA) stringent regulations to ensure operational resilience and maintain customer trust.

February 2024

Peru: Draft of the new data protection regulation

In this Insight article, Crosbby Buleje, Associate at Baker & McKenzie LLP, discusses Peru's Draft Regulation of Law No. 29.733 on the Protection of Personal Data 2011, as proposed in 2023, including extraterritorial application and enhanced consent requirements.

February 2024

Chile: New proposed changes to the Data Protection Law

In this Insight article, Paulina Silva, Partner at Bitlaw, explores the proposed changes to Chilean data protection laws, specifically focusing on the impending structural shift outlined in Bill No. 11144-07 Regulating the Processing and Protection of Personal Data and Creating the Personal Data Protection Authority (the Bill). The article delves into key modifications, including the introduction of new legal bases, enhanced security obligations, and the regulation of international data transfers, shedding light on the potential impact of these changes on privacy practices in Chile.

January 2024

Brazil: ANPD publishes Resolution No. 04 regulating sanctions

In this Insight article, Ana Costa, from FTR Advogados, explores the impact of Resolution CD/ANPD No. 04, of February 24, 2023 (Resolution No. 04) on sanctions, dosimetry, and its broader implications for data privacy compliance under the Brazilian General Personal Data Protection Law (LGPD).

December 2023

Argentina: Cryptocurrency regulation - a fragmented landscape

In this Insight article, Gustavo Bethular and Sofía Grassi, from Richards, Cardinal, Tützer, Zabala & Zaefferer (RCTZZ),[1] provide an overview of the cryptocurrency up-to-date situation in Argentina. Argentina is one of the leading countries in Latin America in terms of cryptocurrency adoption, but its regulatory framework is still in its early stages of development. This lack of regulatory uniformity has created a fragmented landscape, with different government agencies and regulatory bodies issuing their own guidelines and interpretations.

June 2023

Argentina: Cybersecurity incidents landscape

In the following Insight article, Gustavo Bethular and Sofia Grassi, from RCTZZ, examine the cybersecurity situation in Argentina, focusing on the rise in cybercrime. They highlight the impact of COVID-19, measures taken by companies and the public sector, prevalent cyberattacks trends, existing regulations, challenges in reporting and investigating cybercrimes, and the need for enhanced cybersecurity measures.

June 2023

Argentina: New data protection bill - what you need to know

Whilst the Personal Data Protection Act, Act No. 25.326 (the Act) continues to be the main data protection legislation in Argentina, the Argentinian Government begun proposals for a new draft bill (the New Bill) on the protection of personal data in September 2022. In this Insight article, Florencia Rosati and Martín Beccar Varela, from Estudio Beccar Varela, provide an overview of the key provisions and considerations for organizations to ensure compliance if the bill is approved.

March 2023

Brazil: AI landscape and what to expect from the upcoming legislation

The Brazilian Federal Senate established a commission of legal experts ('the AI Commission') who were commissioned with the task of drafting an Artificial Intelligence Legal Framework ('AI Legal Framework').

In this Insight article, Fabio Ferreira Kujawski and Ingrid Soares, from Mattos Filho Advogados, summarise the main findings of the AI Commission that shall guide the discussions in the Brazilian Congress about an upcoming federal statute for AI systems, whilst also analysing existing laws and regulations that currently impact the use and development of AI systems in Brazil.

February 2023

Uruguay: Unpacking the changes to the Uruguayan data protection system

On 3 November 2022, the Official Information Center of Uruguay published Law No. 20075 of 20 October 2022 ('Law No. 20075/2022')1, which was enacted on the same day and which reforms the Uruguayan data protection system in place. Dr. Ana Brian Nougrères, Alejandra Saiz, Ignacio Martinez, and Magdalena Quintana, from Estudio Juridico Briann y Asociados, break down the changes introduced by Law No. 20075/2022, focussing on updated information provision obligations and new powers and functions of the Uruguayan data protection authority ('URCDP').

September 2022

International: Legislative context of data protection – comparing Brazil and Chile

Both Brazil and Chile have existing data protection frameworks which have, in part, been influenced by the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Samara Schuch and Debora Batista Araújo, from Schuch & Araújo Specialized Law Firm, provide a comparison between the frameworks in both Brazil and Chile, and discuss the challenges and successes of both.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.