Art. 55 - (vetoed)Art. 56 - (vetoed)Art. 57 - (vetoed)Art. 58 - (vetoed)Art. 59 - (vetoed)

Art. 33

International transfer of personal data is only allowed in the following
I – to countries or international organisations that provide a level of protection of personal data that is adequate to the provisions of this Law;
II – when the controller offers and proves guarantees of compliance with the principles and the rights of the data subject and the regime of data protection provided in this Law, in the form of:
a) specific contractual clauses for a given transfer;
b) standard contractual clauses;
c) global corporate rules;
d) regularly issued stamps, certificates and codes of conduct;
III – when the transfer is necessary for international legal cooperation between public intelligence, investigative and prosecutorial agencies, in accordance with the instruments of international law;
IV – when the transfer is necessary to protect the life or physical safety of the data subject or of a third party;
V – when the national authority authorises the transfer;
VI – when the transfer results in a commitment undertaken through international cooperation;
VII – when the transfer is necessary for the execution of a public policy or legal attribution of public service, which shall be publicised pursuant to Item I of the lead sentence of Art. 23 of this Law;
VIII – when the data subject has given her/his specific consent and distinct for the transfer, with prior information about the international nature of the operation, with this being clearly distinct from other purposes; or
IX – when it is necessary to satisfy the situations provided in Items II, V and VI of Art. 7 of this Law. Sole paragraph. For purposes of Item I of this article, the legal entities of public law referred to in the sole paragraph of Art. 1 of Law No. 12,527, of November 18, 2011 (the “Brazilian Access to Information Law”), within their legal competences, and those parties accountable, within the scope of their activities, may request the national authority to evaluate the level of protection of personal data provided by a country or international organisation.