Brazil’s Senate approves Presidential appointees for Brazilian Data Protection Authority

On October 15, 2020, President Jair Bolsonaro appointed the five members for the new Brazilian Data Protection Authority (ANPD). Three of the five appointees have military backgrounds (following Bolsonaro's previous nominations for other agencies), one is a public servant from the Ministry of Science, Technology, Innovation and Communication, and the remaining one is a partner at a Brazilian law firm.

October 19, 2020, the appointees were approved by the Infrastructure and Services Commission of Brazil’s Senate as part of an approval process named "Sabatina." The Sabatina aims to assess if the appointee meets the requirements provided by Brazilian law, which include having proven technical skills, experience, acquitted reputation, and professional experience. Their names were submitted for approval to Senate’s plenary in compliance with Law No. 9,986/2000 (the "Regulatory Agencies Act") and article 52, III, f, of the Brazilian Constitution and were approved on October 20, 2020.

The LGPD, whose main provisions entered into force on September 18, 2020 following a period of uncertainty over the exact implementation date (see our summary, here), requires Brazil’s President to establish the national regulator. The ANPD will have the ability to assess fines of 2% of the legal group’s Brazilian revenues in the preceding fiscal year (up to a maximum of BRL 50,000,000 per violation), once the LGPD’s administrative sanctions provisions enter into force on August 1, 2021.

In addition to investigations, enforcement, and oversight, the LGPD assigns the ANPD significant rulemaking authority over practical issues that are not fully developed in the law, which will impact companies’ compliance programs. For example, the ANPD is charged with:

  • Guidance on scope of LGPD subject-matter jurisdiction exceptions;
  • Sharing sensitive data between controllers;
  • Standards for anonymization of data;
  • Obligations related to satisfying consumer rights;
  • Adequacy findings for third countries and defining data transfer mechanisms;
  • Scope of required security, technical, and administrative measures;
  • Timing of mandatory security incident reporting; and
  • Rules for good practice and governance.

The ANPD appointees are:

  • Waldemar Ortunho is the current president of Telebras, which is a state-owned company engaged in the telecommunications sector. He has been appointed as the chair of the ANPD’s board for a six-year term. As the chair, he will represent ANPD and will have hierarchical authority over the other officers. Also, he will be responsible for other administrative capacities and for ANPD sessions.
  • Arthur Pereira Sabbtat is currently a Director at the Information Security department of the Brazilian Presidency. He was appointed for a five-year term.
  • Joacil Basilio Rael is an advisor at Telebras and was appointed for a four-year term.
  • Miriam Wimmer is a Director of Telecommunications Services at the Brazilian Ministry of Science, Technology, Innovation & Communications and was appointed for a two-year term.
  • Nairane Farias Rabelo is a lawyer specialized in data privacy. She was appointed for a three-year term.


Authored by Isabel Carvalho, Paula Pagani, and Rafael Szmid.

Isabel da Costa Carvalho
São Paulo
Bret Cohen
Washington, D.C.
Julian Flamant
NW Washington, D.C.
Filippo Raso
Washington, D.C.


This website is operated by Hogan Lovells Solutions Limited, whose registered office is at 21 Holborn Viaduct, London, United Kingdom, EC1A 2DY. Hogan Lovells Solutions Limited is a wholly-owned subsidiary of Hogan Lovells International LLP but is not itself a law firm. For further details of Hogan Lovells Solutions Limited and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2022 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.