© Leaders League
On September 17th, leading Brazilian firm Pinheiro Neto Advogados announced the hiring of former Google Senior Public Policy and Government Relations counsel, Marcel Leonardi, as it continues to strengthen its technology practice. The move comes soon after Pinheiro Neto became the first Brazilian firm to open an office in Silicon Valley and reflects the firm’s ambition to become the go-to name in Brazil for technology-related legal issues.
Marcel Leonardi is a renowned figure for his extensive experience in the technology sector and was actively involved in the drafting of Brazil’s Internet Law as well as the recently adopted General Data Protection Law. With a Master’s and a PhD in Law from Universidade de São Paulo (USP) and post-doctoral experience at University of California – Berkeley, Mr. Leonardi is also known for his impressive academic background. He is a Professor at Fundação Getulio Vargas - São Paulo (FGV-SP) since 2005 and was on the board of directors at the Brazilian Chamber of Electronic Commerce for almost seven years. He is additionally a Certified Information Privacy Professional in both Europe and the United States and speaks seven languages (English, French, German, Italian, Portuguese, Russian and Spanish).
In an exclusive interview, Leaders League – Brasil recently spoke to Mr. Leonardi about his return to private practice, his goals at Pinheiro Neto Advogados and Brazil’s new General Data Protection Law.
Leaders League. What drove you to leave Google and start a new chapter at Pinheiro Neto Advogados?
Marcel Leonardi. I had a fantastic time at Google. I have been at the forefront of the entire legislative process that led to the adoption of Brazil’s Internet Law and, more recently, the Brazilian General Data Protection Law, an experience like no other. After these accomplishments I felt that it was the right time to go back to being a full-time lawyer and all the different experiences this can offer. Pinheiro Neto offers tradition, excellence and a leadership in technology law, especially privacy. With their bold move into Silicon Valley there was not much doubt about where to go.
What will you focus on at Pinhero Neto? What are your main objectives a private practitioner?
My focus will be data protection, privacy and technology issues. My main objective is to leverage the industry expertise I accumulated at one of the world's most prominent tech companies to help clients deal with new and interesting challenges, such as Brazil's new comprehensive data protection regime, as well as handle complex legal issues related to the digital economy, particularly regarding new business models, cloud computing, online advertising, streaming, gaming, online platforms and artificial intelligence.
What role can civil society play in the development and improvement of Brazil's new data protection and privacy legislation (LGPDP)?
Civil society was the key actor that pushed legislation forward. Associations and organizations presented their concerns whilst listening to the challenges faced by the private sector, insisted that government actors were not left out of the scope of the law and heavily influenced the final language used in the document. Civil society is also playing a fundamental role right now by pushing for the creation of a Brazilian Data Protection Authority. I am certain they will closely follow the application and interpretation of the law once it comes into effect in February 2020.
How well prepared are Brazilian companies and organizations to comply with the LGPDP? What will be their main challenges in this regard?
It depends - larger, multinational companies which prepared for the GDPR over the past two years will have an easier task as several processes and requirements are similar. Companies that were not familiar with a comprehensive data protection regime are realizing they have a lot of work to do to be compliant by February 2020.
The core challenges are: a) operational, which involves the need for mapping data flows throughout the whole business and understanding what the life cycle of data is within the operation; b) legal, which involves understanding, documenting and implementing in practice all the different legal requirements for the processing of personal data, and c) cultural, which involves changing the mindset within the company and embracing privacy by default as the right way of doing business.