1) What are the current obstacles for companies to transfer data from Brazil to other countries? And from other countries to Brazil?

2) What is the best way to promote convergence and interoperability between contractual instruments for international data transfers with instruments from other jurisdictions? And how can ANPD act in this regard?

3) What are the most effective and the most used instruments to legitimize the international data transfer by large and small companies or organizations?

4) What are the main benefits and impacts of international data transfers, and what are the best alternatives for addressing them in each of the contractual instruments for data transfers included in the LGPD and international practice?

5) Wich criteria and/or requirements should be considered in regulating each of the following international data transfer mechanism and why?

a.standard contractual clauses;

b. specific contractual clauses; and

c. binding corporate rules.

6) To what extent the elements to be considered by ANPD in assessing the level of data protection of foreign countries or international bodies for adequacy purposes (article 34 of the LGPD) should be considered within the scope of the rules for contractual instruments?

7) Should the standard contractual clauses be rigid and with predefined content , or should their regulation allow certain flexibility concerning the text of the clauses, specifying the desired results and allowing changes as long as they do not conflict with the standard text made available?

8) What would be the most appropriate format for ANPD to make available models of standard contractual clauses for international data transfers? Are there any tools that could be interesting for it (e.g., decision tree, forms, checkboxes)? Are there any experiences on the theme that could serve as an example for ANPD?

9) Is it necessary to have different rules depending on the type of processing agents (e.g., specific modules for controllers or operators) as data exporters or importers in international data transfers carried out by contractual clauses? If so, what would it be?

10) Are there requirements that need to be different for Binding Corporate Rules from those usually required for Standard Contractual Clauses? If so, what would it be?

11) What criteria should be considered when defining eligibility of an economic or business group for the application of Binding Corporate Rules?

12) What is the minimum information (level of detail) on personal data needed to allow proper compliance analysis by the ANPD of the international transfers of data carried out by contractual instruments that may minimize negative impacts on business activities and preserve a high degree of protection to the data subject?

13) What are the risks and benefits of allowing transfers between different economic groups whose binding corporate rules have been approved by ANPD?

14) Are there any experiences with the verification and approval of specific contractual clauses and binding corporate rules that could serve as an example for ANPD?

15) What are the data subject`s rights in case of changes in the original configuration of the transfer? In which situations would be essential a direct communication with the data subjects or some type of intervention by them?

16) What are the best alternatives for resolving conflicts between processing agents and/or between those agents and data subjects involving contractual instruments for international data transfers? Could bilateral, multilateral or international cooperation between data protection authorities assist in conflict resolution? If so, how?

17) What are the best alternatives to promote regulatory compliance (including concerning the importer) regarding international data transfers?

18) What are the best alternatives to resolve practical issues related to the accountability of stakeholders who transfer data overseas, especially in cases where onward transfers to other jurisdictions occur or when the data even in the same jurisdiction are processed by other data processing agents different from importer?

19) What obligations should be assigned to the importer and exporter in case of access to data by determination of foreign public authorities?

20) What are the most appropriate mechanisms to provide data subjects with clear and relevant information about the possible transfer of their personal data outside of Brazil as well as to ensure the adequate protection of data subjects` rights in international data transfer? How should these instruments be implemented?