Brazilian lawmakers have delayed data protection laws but are pushing ahead on open banking regulations.
Brazil is moving ahead with open banking regulations, meaning that a critical focus for banks in the next months will be to get data-use consent.
Financial institutions will need to take into account new rules stipulating that data belongs to individuals, says Maristela Martins, country manager for Brazil at Backbase. That means that clients journeys will need to include explicit, simple, quick and secure consent agreements.
“Building the consent journey should be the main point to be addressed by companies,” Martins told iupana.
After lengthy discussions, the Brazilian Central Bank and the National Monetary Council set out open banking regulations earlier this month. The data-sharing framework aims to foster financial inclusion, drive competition in financial services and increase security.
“It’s a substantial and, above all, paradigmatic change,” says Marcelo Chiavassa, professor of digital law at Universidade Presbiteriana Mackenzie Campinas. “The premise is that the personal data held by banks and other financial institutions do not belong to them, but to the respective holders, customers.”
The rules will be phased in over the course of a year, starting from November.
Brazilian GDPR delayed as Open Banking advances
Brazilian open banking rules are aligned with the country’s General Data Protection Regulations (LGPD, in Portuguese), and based on the premise that financial consumers own their personal data. However, the open banking advance closely followed a major delay to implementation of LGPD – from August to May 2021 – due to the Covid-19 pandemic.
“For now, we can say that the LGPD has been temporarily extended,” said Chiavassa, adding that the postponement came through a provisional measure that could be reversed by congress.
“Obviously, it would be better if it came into force in August 2020, as this would bring more security to society and a qualitatively superior instruction with regard to privacy and data protection personal,” Chiavassa said.
However, the open banking regulations are seen as effective and complete when it comes to privacy and protection of personal data – and compatible with the spirit, principles and premise (self-determination) of the LGPD.
Companies that are regulated by BCB must comply with both regulations: LGPD as a general rule, and with the Central Bank’s regulation specifically for data shared with other institutions with authorization from the holder.
“If there’s any incompatibility between the BCB and LGPD rules, the LGPD must be respected, in view of the hierarchy of rules,” Chiavassa noted.
Are you subscribed to our weekly newsletter? Click here to do it. Every Monday we will send you a special report on the fintech sector in Latin America. You can also follow us on LinkedIn and Facebook.
Here are the best webinars and online events in the digital banking and fintech sector in Latin America, from June 15 to 19
Through Krealo, Credicorp is taking aim at the Chilean retail banking market with the launch of a new digital bank, Tenpo
“Fintech is going to eat Latin America” says founder of British startup
Banks are teaming up with big tech platforms at the same time as they compete with them
Inside the coffee banking model in Bolivia
Panamanian bank Banistmo is testing gamification and QR payments
- Coffee, banking, and a new sales channel in Bolivia
- Bradesco clocks 33m AI interactions in H1
- Mexico’s fintechs step into new legal era with secondary regulation details
- Citibanamex mulls developer API strategy
- MercadoLibre’s narrowing margins show costs of fintech pivot
- Debt financing options grow for LatAm fintech lenders