Supplementary Material for Comparative Analysis of Data Protection Laws and Privacy Frameworks: Optimizing Solutions for Compliance with LGPD and International Data Sharing Laws

Context and motivation: Regarding privacy laws and digital globalization, understanding data regulation compliance and cross-jurisdictional challenges remains limited. To avoid administrative sanctions and to protect user data, organizations and developers must bridge these gaps, navigating laws like the GDPR (EU), ADPPA (EUA), LGPD (BR) and Australian Privacy Act. Question/problem: This study adresses the creation of a comprehensive compliance tool by investigating the similarities and nuances of these laws, as well as the challenges developers and organizations face in implementing Privacy by Design principles and ISO/IEC 29100 standard. Principal ideas/results: Through a Systematic Literature Review (SLR) approach, topics of convergence and divergence were pinpointed among privacy laws and frameworks, as well as the challenges of implementing these laws in software. A survey was used to validate the challenges found at the SLR in the Brazilian context, in which most participants demonstrated a lack of knowledge regarding the LGPD. Lastly, we applied Framework Analysis to code and index key legislation points, allowing us to correlate them and develop a compliance-assistance tool. Contribution: In the several contributions achieved, there is a deeper understanding of the privacy implications in a global context and its practical challenges, and also a practical guidance development, translating legal requirements into actions. Some limitations in this study lie in the interaction between selection and treatment in the survey, as participants' responses will not necessarily serve to generalize the challenges faced by all developers and organizations. Overall, the contributions offer valuable theoretical and practical insights in the data privacy field.

Keywords: Data Privacy, Privacy Requirements, Privacy Challenges, General Data Protection Law, Privacy by Design, ISO/IEC 29100, Privacy Frameworks.