Newsletter June – I.P and Data Protection
25 / 06 / 2019
MADRID PROTOCOL IS APPROVED IN THE BRAZILIAN SENATE
The Senate has approved, on May 22,2019, the Legislative Decree No. 98/2019, which allows Brazil to accede to the Madrid Protocol, being an important step for the protection of trademarks by Brazilian citizens and companies.
The Madrid Protocol, which is a treaty administered by the World Intellectual Property Organization (“WIPO”), has been in force since April 1996 and ratified by more than 100 countries.
The adherence to the Protocol, which is now only pending enactment by the President, will enable individuals and corporations to apply for trademark protection in several countries simultaneously, significantly reducing bureaucracy and costs.
In addition to reducing costs and increasing the scope of protection of trademarks, the adherence to the Protocol will have a greater impact on the trademark registration process in Brazil given that, according to the Protocol, the registration process should take up to eighteen months, while Brazil’s historical average is three to four years.
To request the protection of a trademark through the Protocol, it is necessary that trademark is filed or registered before the Brazilian Patent and Trademark Office (“INPI”). Thus, the owner will be able to request to the INPI (through WIPO) the application for international registration to the member countries of the Protocol where it is desired to register the mark
Likewise, for holders of trademark registrations of the member countries of the Protocol to register their trademarks in Brazil, it will be necessary to request the offices of their respective countries of origin for the OMPI to forward the registration applications to the INPI.
It is important to point out, however, that the adoption of the Protocol without any adjustments would hurt the isonomy between national and foreign applicants, so that it will be necessary to proceed with changes in our system.
Among the adjustments that still need to be implemented by the INPI are the possibility of filing applications in a “multiclass” system and in co-ownership, which is currently prohibited in Brazil.
Notwithstanding the above, the INPI is already preparing to implement all the necessary requirements of the Madrid Protocol and estimates that the system will start operating in October of this year.
BILL OF CONVERSION NO. 7/2019 (FORMER PROVISIONAL MEASURE 869/18) THAT ESTABLISHES THE CREATION OF THE NATIONAL DATA PROTECTION AUTHORITY IS APPROVED BY THE BRAZILIAN SENATE
The Chamber of Deputies has approved, on May 29, 2019, the Provisional Measure no. 869 of December 27, 2018 (“MP 869/2018”) which creates the National Data Protection Authority (“ANPD”) and amends provisions of the Brazilian General Data Protection Law (Federal Law no. 13,709/2018 or “LGDP”).
In the next day, on May 29, 2019, after MP 869/2018 was transformed into Bill of Conversion No. 7/2019, as a result of the changes made in the Chamber of Deputies, it was also approved in the Federal Senate.
After the approval of the Bill of Conversion No. 7/2019 in the two houses, the LGPD now has what should be its final draft, only awaiting sanction by President Bolsonaro.
In general terms, most changes of the Bill of Conversion No. 7/2019 include provisions that were in the original text of the LGPD and were vetoed by former President Michel Temer, such as suspension sanctions.
That said, please find below the main points of modification of the LGPD by the Bill of Conversion No. 7/2019 (not including all the changes, but only the main ones):
• National Authority of Data Protection (“ANPD”): After the veto in the original text of the LGPD, the Bill of Conversion No. 7/2019 creates the National Authority of
Data Protection, a federal public administration body, member of the Presidency of the Republic and which has technical autonomy. However, the legal nature of the ANPD is transient, and can be transformed into an autarchy within two years.
In addition, for the Authority to be independent, it will be necessary that the members of the Board of Directors are submitted to a hearing before the Federal Senate, as it happens with CADE’s directors.
The Bill also brought some specific attributions of the ANPD, which were initially established in the original version of the LGPD, but were amended or deleted in the MP 869/2018, such as the creation of an administrative litigation regarding data protection, with the purpose of deliberating on the interpretation of the law, its jurisdiction and omissions, as well as entering into commitments with treatment agents in order to eliminate irregularity, legal uncertainty or contentious situation.
• Sanctions: The following penalties were added to the LGPD: (i) partial suspension of the operation of the database referred to in the infraction for a maximum period of 6 (six) months, extendable for the same period up to the regularization of the treatment activity by the controller; (ii) suspension of the exercise of the processing of personal data referred to in the infraction for a maximum period of 6 (six) months, extendable for the same period; and (iii) partial or total prohibition of the exercise of activities related to data processing.
These sanctions may only be applied after at least one of the other sanctions (except for the warning) have been imposed for the same case or in the case of controllers submitted to other bodies and entities with sanctioning powers, after the hearing of these bodies.
• 24 months vacatio legis: The Bill of Conversion No. 7/2019 maintained the extension of the vacatio legis of the LGPD to 24 months after its original publication, as already established by MP 869/2018. With this change, the LGPD will fully enter into force in August 2020, postponing the deadline for compliance with the law previously established to February 2020.
• Data Protection Officer: With the new text, not only the controller, but also the operator, should appoint a Data Protection Officer in the situations that will be established by the National Data Protection Authority. In addition, the Data Protection Officer must “have legal and regulatory knowledge and be able to provide specialized services in data protection”.
Finally, the final text kept the possibility of the DPO being a natural or legal person, creating the figure of the “DPO as a service”.
• Sharing and Portability of Sensitive Personal Health Data: The text of the MP 869/2018, which amended the LGPD, was retained to include the possibility of sharing or use of health data for the purpose of obtaining economic advantage in specific cases, provided that it is performed in accordance to the interests of the data subjects.
However, it was included the express prohibition on the treatment of health data for the selection of risk, contracting and exclusion of beneficiary, by health plan operators.
• Right to Review Automated Decisions: The text was amended again and now provides that the revision of decisions made solely based of automated processing must be necessarily conducted by a natural person.
In case of any doubts about this subject, please do not hesitate to contact us.