Generic selectors
Exact matches only
Search in title
Search in content

The future of finance in LatAm & the Caribbean

January 26, 2022

Brazilian open banking moves ahead despite data law postponement

May 18, 2020

By Fabiola Seminario
Brazil Banca Abierta
Brazilian lawmakers have delayed data protection laws but are pushing ahead on open banking regulations.


Brazil is moving ahead with open banking regulations, meaning that a critical focus for banks in the next months will be to get data-use consent.

Financial institutions will need to take into account new rules stipulating that data belongs to individuals, says Maristela Martins, country manager for Brazil at Backbase. That means that clients journeys will need to include explicit, simple, quick and secure consent agreements.

“Building the consent journey should be the main point to be addressed by companies,” Martins told iupana.

After lengthy discussions, the Brazilian Central Bank and the National Monetary Council set out open banking regulations earlier this month. The data-sharing framework aims to foster financial inclusion, drive competition in financial services and increase security.

“It’s a substantial and, above all, paradigmatic change,” says Marcelo Chiavassa, professor of digital law at Universidade Presbiteriana Mackenzie Campinas. “The premise is that the personal data held by banks and other financial institutions do not belong to them, but to the respective holders, customers.”

The rules will be phased in over the course of a year, starting from November.

See also: Digital banking and fintech news wrap: Open Banking advances in Brazil, Ualá and Mercado Libre take off, Google and Gates promote digital payments

Brazilian GDPR delayed as Open Banking advances

Brazilian open banking rules are aligned with the country’s General Data Protection Regulations (LGPD, in Portuguese), and based on the premise that financial consumers own their personal data. However, the open banking advance closely followed a major delay to implementation of LGPD – from August to May 2021 – due to the Covid-19 pandemic.

“For now, we can say that the LGPD has been temporarily extended,” said Chiavassa, adding that the postponement came through a provisional measure that could be reversed by congress.

“Obviously, it would be better if it came into force in August 2020, as this would bring more security to society and a qualitatively superior instruction with regard to privacy and data protection personal,” Chiavassa said.

However, the open banking regulations are seen as effective and complete when it comes to privacy and protection of personal data – and compatible with the spirit, principles and premise (self-determination) of the LGPD.

Companies that are regulated by BCB must comply with both regulations: LGPD as a general rule, and with the Central Bank’s regulation specifically for data shared with other institutions with authorization from the holder.

“If there’s any incompatibility between the BCB and LGPD rules, the LGPD must be respected, in view of the hierarchy of rules,” Chiavassa noted.

See also: LatAm Lending fintechs: NPL rates surge amid COVID-19

Are you subscribed to our weekly newsletter? Click here to do it. Every Monday we will send you a special report on the fintech sector in Latin America. You can also follow us on LinkedIn and Facebook.

Are you subscribed to our weekly newsletter?

Leave your details to receive our Monday briefing on the key news in digital banking, fintech and payments in Latin America.


Submit a Comment

Your email address will not be published. Required fields are marked *


error: Por favor, respeta nuestro trabajo: La reproducción de nuestros contenidos está estrictamente prohibida.