LGPD

Chapter I (Articles 1-6) Preliminary Provisions
Chapter II (Articles 7-16) Processing of Personal Data
- Section IRequirements for the Processing of Personal Data
- Article 7 - Chances of Carrying Out Personal Data Processing
- Article 8 - Consent of the Personal Data Holder
- Article 9 - Personal Data Subject's Right of Access
- Article 10 - Legitimate Interest of the Controller
- Section IITreatment of Sensitive Personal Data
- Article 11 - Processing of Sensitive Personal Data
- Article 12 - Anonymization of Personal Data
- Article 13 - Processing of Personal Data for Public Health Studies
- Section IIIProcessing of Personal Data of Children and Adolescents
- Article 14 - Personal Data of Children and Adolescents
- Section IVTermination of Data Processing
- Article 15 - Termination of Processing of Personal Data
- Article 16 - Deletion of Personal Data
Chapter III (Articles 17-22) Data Subject's Rights
Chapter IV (Articles 23-32) Processing Activites by the Public Service
Chapter V (Articles 33-36) International Data Transfer
Chapter VI (Articles 37-45) Personal Data Processing Agents
- Section IController and Operator
- Article 37 - RPA's or Treatment Operation Registry
- Article 38 - DPIA or Data Protection Impact Report
- Article 39 - Obligations of the Operator Towards the Controller
- Article 40 - Standards for Interoperability, Portability, Access, Security and Storage Time for Personal Data
- Section IIPersonal Data Controller
- Article 41 - DPO or Person in Charge of Personal Data
- Section IIILiability and Damages
- Article 42 - Repairing Damage to the Personal Data Holder
- Article 43 - Causes of Accountability for Treatment Agents
- Article 44 - Irregularities in the Processing of Personal Data
- Article 45 - Cause of Application of Consumer Laws (CDC) in the Breach of Personal Data
Chapter VII (Articles 46-51) Safety and Good Practice
- Section ISecurity and Data Confidentiality
- Article 46 - TOMs or Technical and Organizational Measures
- Article 47 - Obligations to Guarantee Information Security by Data Processing Agents
- Article 48 - Personal Data Security Incidents
- Article 49 - Structuring of Data Processing Systems
- Section IIGood Practice and Governance
- Article 50 - Rules of Good Practice and Governance
- Article 51 - Encouraging the National Authority to Adopt Technical Standards
Chapter VIII (Articles 52-54) Supervision
- Section IAdministrative Sanctions
- Article 52 - Administrative Sanctions by the National Authority - ANPD
- Article 53 - Regulation of Administrative Sanctions
- Article 54 - Valuation Parameters for Administrative Sanctions
Chapter IX (Articles 55-59) National Data Protection Authority (ANPD) and National Data Protection Council and Privacy
Chapter X (Articles 60-65) Final and Transitional Provisions

Article 13

Processing of Personal Data for Public Health Studies

When conducting studies in public health, research agencies may have access to personal databases, which will be treated exclusively within the agency and strictly for the purpose of conducting studies and research and kept in a controlled and safe environment, in accordance with security practices provided for in specific regulations and including where possible anonymization or pseudonymization of data, as well as due consideration of ethical standards related to studies and research.

1. The disclosure of the results or any excerpt of the study or research dealt with in the caput of this article may under no circumstances reveal personal data.
2. The research agency shall be responsible for the security of the information provided for in the caput of this article, and under no circumstances is the transfer of data to a third party permitted.
3. Access to the data referred to in this article shall be subject to regulation by the national authority and the health and sanitary authorities, within the scope of their responsibilities.
4. For the purposes of this article, pseudonymization is the treatment whereby a data loses the possibility of association, direct or indirect, to an individual, due to the use of additional information kept separately by the controller in a controlled and safe environment.