Cost savings, legal certainty and stability are expected for European companies already in Brazil and for Brazilian companies expanding their activity to the EU market
The European Union (EU) and Brazil have completed the mutual recognition and adequacy steps to create the largest free and secure data flow area in the world, benefiting 670 million consumers, Brussels announced.
“Today, the European Commission and Brazil adopted mutual adequacy decisions, confirming that their levels of data protection are comparable. Recognizing the high standards of data protection that safeguard consumers and citizens on both sides, these agreements now allow companies, public authorities and researchers to exchange data freely between the EU and Brazil”, indicates the community executive in a statement.
The recognition of data protection systems, in relation to which the European Commission speaks of the “largest area of free and secure data flows in the world, benefiting a combined total of 670 million consumers in the EU and Brazil”, and highlights the “boost for digital trade between the two jurisdictions” since “personal data can circulate freely and securely”.
Cost savings, legal certainty and stability are expected for European companies already in Brazil and for Brazilian companies expanding their activity to the EU market.
These mutual adequacy decisions arise in the context of the signing of the partnership agreement between the Union and the countries of the Southern Common Market (Mercosur).
“The decisions constitute a fundamental element for strengthening trade between the EU and Brazil and send another strong geopolitical signal, demonstrating shared commitment […] with multilateralism and the rules-based international order”, says the community executive.
The adoption of mutual adequacy decisions follows an opinion from the European Data Protection Board and approval from EU Member States under the so-called comitology procedure.
Brussels will now review the functioning of its adequacy decision after a period of four years.
Brazil’s Constitution protects privacy and data protection as fundamental rights, as is the case under the EU Charter of Fundamental Rights.
In 2018, Brazil adopted the General Data Protection Law, equivalent to the EU’s General Data Protection Regulation (GDPR).
Subsequently, Brasília created an independent data protection authority, the National Data Protection Authority, a fundamental pillar of the European data protection framework.
The European Commission has the power, under the GDPR, to determine whether a third country ensures an adequate level of data protection and, based on this, can begin the process of adopting an adequacy decision, which allows free flow without additional obstacles.
