Skip to main content
Featured Topics
Featured Insights
View All Services
View All Industries
About Us Overview
  • Home
  • Insights
  • Bill Aims to Amend LGPD Provisions on Security Incident Publicization

Bill Aims to Amend LGPD Provisions on Security Incident Publicization

Authors:
Generate PDF
Share

On April 13, 2023, Bill 1876/2023 was presented by its sponsor, Congressman Marcos Tavares (PDT/RJ), aiming to amend the Brazilian General Data Protection Law (the “LGPD”) by adding the following language:

"Art. 54-A. The data controllers must disclose, in mass media outlets and on their pages and profiles, any security incident that may pose a relevant risk or damage to the data subjects, and must report the incident to the National Data Protection Authority (ANPD)."

The objective of the proposed legislative amendment is to require the widespread publication of incidents involving personal data security in mass media, which may pose a risk or damage, regardless of the actual impact on the data subjects, the number of affected individuals, and regardless of whether public disclosure is actually the best measure to safeguard the rights of the data subjects.

Article 52, IV of the LGPD already provides for one possible sanction to be applied by the ANPD: the publicizing of the violation after its occurrence has been investigated and confirmed. In other words, the disclosure of the incident in mass media is already provided for in LGPD and only occurs after due process of law, ensuring the controller's right to a hearing, as not only would such publication generate a burden for the data processing agent, but it would also significantly harm the agent’s reputation, which tends to translate into loss of clients, businesses, and revenue. 

The proposed article also brings up another controversial point, as it not only disregards the due process of law already determined by LGPD but also indicates that the mere possibility of posing a risk or harm to the data subjects would already generate the obligation to publish the incident—before the matter had been properly investigated and confirmed. 
The bill does not take into account the data processing carried out by liberal professionals and small-scale data processing agents, nor does it address the volume of data affected by the incident. In this regard, requiring any controller to disclose an incident in a large-circulation vehicle is incompatible with current law.

Finally, Article 2 of Bill 1876/2023 delegates the competence and responsibility of establishing the necessary complementary rules for the execution of the law to the Federal Executive Power, instead of to the ANPD. This approach opens up room for possible regulatory conflicts between the ANPD and any decrees issued by the executive branch.
We are monitoring the legislative progress of the matter and will keep our clients updated on it.

 

Authors

Related Services & Industries

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Subscribe

Follow us

© 2025 Mayer Brown

 

 

Mayer Brown is a global legal services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown Hong Kong LLP (a Hong Kong limited liability partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) (collectively, the “Mayer Brown Practices”). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC (“PKWN”) is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Mayer Brown Hong Kong LLP operates in temporary association with Johnson Stokes & Master (“JSM”). More information about the individual Mayer Brown Practices, PKWN and the association between Mayer Brown Hong Kong LLP and JSM (including how information may be shared) can be found in the Legal Notices section of our website.

“Mayer Brown” and the Mayer Brown logo are trademarks of Mayer Brown.

Attorney Advertising. Prior results do not guarantee a similar outcome.