1) What are the current obstacles for companies to transfer data from        Brazil to other countries? And from other countries to Brazil?    

   

           2) What is the best way to promote convergence and interoperability        between contractual instruments for international data transfers with        the instruments from other jurisdictions? And how can the ANPD act in        this regard?    

   

           3) What are the most effective and most used instruments to enable        international data transfers by large and small companies or        organizations?    

   

           4) What are the main benefits and impacts of international data        transfers? And what are the best alternatives for addressing them in        each of the contractual instruments for data transfers included in the        LGPD and in international practice?    

   

           5) Which criteria and/or requirements should be considered in        regulating each of the following international data transfer mechanisms        and why?    

   a. standard contractual clauses;

   b. specific contractual clauses; and

   c. binding corporate rules.

   

           6) To what extent should the elements to be considered by ANPD also be        taken into account within the scope of the rules for contractual        instruments in assessing the level of data protection of foreign        countries or international bodies for adequacy purposes (Article 34 of        the LGPD)?    

   

           7) Should the standard contractual clauses be rigid and with predefined        content? Or should their regulation allow certain flexibility        concerning the text of the clauses, specifying the desired results and        allowing changes as long as they are not in conflict with the available        standard text?    

   

           8) What is the most appropriate format for ANPD to make models of        standard contractual clauses available for international data        transfers? Are there any relevant tools that could be used to this end        (e.g., decision tree, forms, checkboxes)? Are there any experiences on        the topic that can serve as an example for the ANPD?    

   

           9) Is it necessary to have different rules depending on the type of        processing agents (e.g., specific modules for controllers or        processors) as data exporters or importers in international data        transfers based on contractual clauses? If so, what would they be?    

   

           10) Are there requirements for Binding Corporate Rules that need to be        different from those usually required for Standard Contractual Clauses?        If so, what would they be?    

   

           11) What criteria should be considered when defining a corporate or        economic group for the purpose of applying Binding Corporate Rules?    

   

           12) What is the minimum information (level of detail) on personal data        needed to allow proper compliance analysis by the ANPD of international        transfers of data carried out by contractual instruments, so as to        minimize negative impacts on business activities and to preserve a high        degree of protection for the data subject?    

   

           13) What are the risks and benefits of allowing transfers between        different economic groups whose binding corporate rules have been        approved by the ANPD?    

   

           14) Are there any experiences with the verification and approval of        specific contractual clauses and binding corporate rules that could        serve as an example for the ANPD?    

   

           15) What are the data subject's rights in case of changes in the        original configuration of the transfer? In which situations is it        essential to communicate directly with data subjects or to enable some        type of intervention by them?    

   

           16) What are the best alternatives for resolving conflicts among        processing agents and/or between said agents and data subjects        involving contractual instruments for international data transfers?        Could bilateral, multilateral, or international cooperation between        data protection authorities assist in conflict resolution? If so, how?    

   

           17) What are the best alternatives to promote regulatory compliance        (including in regard to importers) regarding international data        transfers?    

   

           18) What are the best alternatives to resolve practical issues related        to the accountability of stakeholders who transfer data overseas,        especially in cases with onward transfers to other jurisdictions or        when data is processed by other data processing agents in the same        jurisdiction?    

   

           19) What obligations should be assigned to the importer and exporter in        case of access to data by foreign public authorities?    

   

           20) What are the most appropriate mechanisms to provide data subjects        with clear and relevant information about possible transfers of their        personal data to other countries as well as to ensure the adequate        protection of data subjects' rights in international data transfers?        How should these instruments be implemented?