The data protection authorities of Brazil and Spain issued a joint memorandum outlining an interagency collaboration project that involves sharing institutional resources, expertise and experience. The collaboration is the first such international effort of its kind by the nascent Brazilian DPA since the country’s omnibus privacy law, the General Data Protection Law, went into effect last year. The memo outlines the structure of the collaboration and includes general objectives and commitments, and it allows for future amendments to the collaboration between the international sovereigns. Here are some of the highlights.

Objectives of the collaboration include

  • Laying the foundations for institutional collaboration between the Brazilian and Spanish DPAs.
  • Ensuring joint cooperation on personal data protection enforcement.
  • Providing a framework for the exchange of technical knowledge and best practices in order to strengthen the technical capabilities of both DPAs related to the enforcement of personal data protection law.

The memo establishes several general commitments between the DPAs

  1. Establishing technical cooperation on governing and enforcement knowledge and experiences; identifying best practices in the field of personal data protection.
  2. Encouraging and contributing to research, studies, analyses and reports on the protection of personal data.
  3. Collaborating on the development and dissemination of guides, tools and other materials that aim to facilitate compliance with data protection legislation by data processors.
  4. Identifying and promoting the mechanisms of technical cooperation for the effective implementation of each DPA’s respective national law.
  5. Promoting the development of joint initiatives that contribute to strengthening each DPA’s respective competencies in sectors and areas with important social, environmental and institutional impact.

The memo identifies administrative milestones required to begin the interagency collaboration, which includes:

  1. Clarifying the objectives and activities to be performed or implemented.
  2. Identifying the commitments made by each DPA.
  3. Assigning personnel, facilities and equipment to be used.
  4. Assessing collaboration performance and efficacy.
  5. Identifying any elements necessary to determine precisely the purposes and scopes approved by the DPAs.

Intellectual property

As part of the collaboration, the memo establishes rules governing the exchange of trademarked material and other intellectual property. Each DPA will preserve ownership of their respective intellectual property, according to the provisions of the intellectual property laws of their respective legal systems. In the case of jointly authored works, the signatories agree to share ownership of the rights in accordance with the provisions of their respective intellectual property laws. Finally, each DPA must obtain written consent from the other to use the publications, research or trademark(s) of the other.

Designated contacts

Each DPA agrees to designate a representative to serve as a point of contact between the authorities.  Their duties include coordinating the implementation of the commitments identified in the agreement and other duties promulgated by the DPAs. The named representatives in the memorandum are Brazil’s General Coordinator of Institutional and International Relations Mariana Talouki, and Spain’s Director of the Technological Innovation Luis de Salvador Carrasco, respectively.

Sovereign autonomy

Each DPA’s compliance with the memo will be taken with absolute respect and without prejudice to the autonomy of the other. In other words, the DPAs retain their sovereignty in enforcing their respective laws.

Financing

Nothing in the memorandum indicates any exchange of financial resources between the DPAs.

Conclusion

This memorandum is meaningful because it marks the first international collaboration for the Brazilian DPA since the LGPD went into effect. Even though the collaboration is in its infancy, it will be important to see how Brazilian authorities will internalize the Spanish DPA’s experience with the EU General Data Protection Regulation in the future.

Photo by Greg Rosenke on Unsplash