On October 15, 2020, Brazil’s President Bolsonaro officially nominated the five Directors of the new Brazilian data protection authority (Agência Nacional de Proteção de Dados, “ANPD”), as published in the Brazilia Official Journal. The Decree establishing the ANPD, on which we reported earlier, is now fully in effect. All five nominations, however, must still be approved by the Brazilian Senate, which means there are further steps before the ANPD is fully established and operational.

The Brazilian data protection law (Lei Geral de Proteção de Dados Pessoais, “LGPD”) establishes that these five nominations will have mandates ranging from six to two years. It also establishes that the ANPD will be initially linked to the Brazilian Presidency. The Presidency will have two years to review the ANPD structure, during which time it may convert the ANPD into an independent public authority.

The five nominated Directors include three with a military background, one from the Brazilian Ministry of Science, Technology, Innovation and Communication, and one partner of a Brazilian law firm:

  • Waldemar Gonçalves Ortunho Junior – Director-President (six-year mandate), Army Colonel and electronic engineer, currently President of the Brazilian telecommunications company Telebrás
  • Arthur Pereira Sabbat (five-year mandate), currently Director of the Information Security department of the Brazilian Presidency
  • Joacil Basilio Rael (four-year mandate), computer engineer who graduated from the Military Engineering Institute
  • Nairane Farias Rabelo Leitão (three-year mandate), lawyer and partner of a Brazilian law firm
  • Miriam Wimmer (two-year mandate), Director of Telecommunications Services at the Brazilian Ministry of Science, Technology, Innovation & Communications, and professor at the Instituto Brasiliense de Direito Público

The five Directors will have the responsibility of establishing a brand new technical data protection authority. The Centre for Information Policy Leadership (“CIPL”) has written a white paper outlining how the ANPD can effectively meet and prioritize its statutory responsibilities. Download the paper, The Role of the Brazilian Data Protection Authority (ANPD) under Brazil’s New Data Protection Law (LGPD) (Portuguese version here), and access more information about CIPL and CEDIS-IDP project on LGPD effective implementation and regulation.

Update: On October 20, 2020, the Brazilian Senate approved all five nominations after a public hearing.