Brazil

Over the past few months, there have been several notable developments in the cross-border data frameworks of the U.S., EU, UK, Brazil, and several Asia Pacific (“APAC”) countries. These developments reflect evolving regulatory approaches to international data flows, trade agreements, and national security priorities—each with certain nuances and particularities that multinational companies need to understand and be prepared to navigate. 

This blog post provides a brief summary of these developments and key takeaways for companies transferring personal data to or from these jurisdictions. Continue Reading Roundup of Cross-Border Data Transfer Developments

On September 17, 2025, Brazil enacted the Digital Statute of the Child and Adolescent (“Digital ECA”), establishing a pioneering regulatory framework for protecting children (under 12 years of age) and adolescents (between the ages of 12 and 18) online. Brazil’s Congress approved the new law in a matter of just a few days in response to parents’ pressure, after a well-known Brazilian digital influencer published a series of online videos on the “adultization” of children on the internet.Continue Reading Brazil Adopts Law Protecting Minors Online

On September 5, 2025, the European Commission announced the launch of the process to adopt an adequacy decision for Brazil under the General Data Protection Regulation (GDPR), involving an assessment of whether Brazil ensures an adequate level of personal data protection comparable to that in the EU. Once adopted, the decision would permit personal data to flow freely between Brazil and the EU without the need for additional safeguards, covering flows from businesses, public authorities, and research projects.

The Brazilian federal government, through the National Data Protection Authority (ANPD), announced that it is simultaneously considering adopting an equivalent adequacy decision to facilitate the uninterrupted flow of data from Brazil to the EU. The parallel initiatives highlight a mutual commitment to aligning privacy and data protection standards across the Atlantic, and take place in a context of closer bilateral relations and increased U.S. scrutiny of Brazilian and European digital policies.Continue Reading European Commission and Brazil Advance Towards Mutual Adequacy Decision

On August 23, 2024, the Brazilian Data Protection Authority (“ANPD”) published Resolution 19/2024, approving the Regulation on international data transfers and the content of standard contractual clauses (the “Regulation”).  The Regulation implements the international data transfer framework under the Brazilian General Data Protection Law (“LGPD”).Continue Reading Brazil Issues New Regulation on International Data Transfers

On December 1, 2022, a committee of the Brazilian Senate presented a report (currently available only in Portuguese) with research on the regulation of artificial intelligence (“AI”) and a draft AI law (see pages 15-58) (“Draft AI Law”) that will serve as the starting point for deliberations by the Senate on new AI legislation.  When preparing the 900+ page report and Draft AI Law, the Senate committee drew inspiration from earlier proposals for regulating AI in Brazil and its research into how OECD countries are regulating (or planning to regulate) in this area, as well as inputs received during a public hearing and in the form of written comments from stakeholders.  This blog posts highlights 13 key aspects of the Draft AI Law.Continue Reading Brazil’s Senate Committee Publishes AI Report and Draft AI Law

On September 8, 2022, the Brazilian Data Protection Authority (“ANPD”) launched a public consultation on the processing of minors’ personal data (encompassing children under 12-years-old and adolescents between the ages of 12- and 18-years-old).  The consultation will conclude on October 7, 2022.  According to the ANPD, the purpose of the consultation is to resolve divergent interpretations among public authorities, academics, privacy professionals, and representatives of civil society regarding the Brazilian Data Protection Law’s (“LGPD”) provision on the processing of minors’ personal data (Article 14).  The Authority will use the feedback it receives to draw up guidelines on the topic and, possibly, amend the LGPD.Continue Reading Brazil’s ANPD Launches Public Consultation on the Processing of Minors’ Personal Data

On August 26, 2020, the Brazilian Senate rejected an alteration made to Article 4 of Provisional Measure 959/20 — an alteration intended to postpone the effective date of the General Data Protection Law (“LGPD”) until December 31, 2020.  Following the removal of Article 4 — and many months of uncertainty — the LGPD’s effective date now reverts to the originally scheduled date of August 16, 2020.  The date for enforcement of fines and penalties remains as August 1, 2021, having previously been postponed by Law No. 14.010.
Continue Reading LGPD Effective Imminently

On our third episode of our Inside Privacy Audiocast, we are aiming our looking glass at Brazil’s new data protection statute, Lei Geral de Proteção de Dados (or LGPD), and are joined by Ronaldo Lemos, a partner at Rennó Penteado.

In our episode recorded earlier this week, Dan
Continue Reading Inside Privacy Audiocast: Episode 3 – Emerging Data Privacy Issues in Brazil

As businesses prepare for the Brazil General Law for Data Protection, or LGPD, one key provision is still up in the air: the date the law takes effect.  Under the original law, the LGPD was scheduled to take effect next Sunday, August 16.  For the past several months, however, that date has been a moving target.
Continue Reading An Uncertain Date: Preparing for the LGPD to Take Effect

The Brazil Senate unanimously approved a bill today that would delay implementation of the Brazil General Law for Data Protection, or LGPD, until January 1, 2021 and enforcement of fines and penalties until August 1, 2021.  The LGPD is currently scheduled to take effect on August 15, 2020.

The draft bill — one of four pending in the Senate that propose to delay implementation of the LGPD — is broad in scope, encompassing not only the LGPD, but also statutes of limitations and sanctions for certain anti-competitive conduct.  Senator Antonio Anastasia, the sponsor of the bill, explained that the bill is intended to give businesses an opportunity to focus on other urgent matters arising from the COVID-19 pandemic.
Continue Reading Brazil Senate Approves Bill Delaying LGPD Enforcement