European Commission proposes adequacy for EU-Brazil data transfers

On 5 Sept., the European Commission published a draft adequacy decision proposing to recognize Brazil as providing a level of personal data protection essentially equivalent to the European legal framework. The objective is to enable international data transfers from the European Union to Brazil with greater legal certainty and reliability.

Key findings supporting Brazil's adequacy status

In its draft adequacy decision, the European Commission concluded Brazil provides an "essentially equivalent" level of data protection to the EU, paving the way for smoother data flows between the two jurisdictions.

The assessment emphasizes Brazil's robust constitutional and legal framework, noting that privacy and data protection are enshrined as fundamental rights in the Federal Constitution and reinforced by the country's comprehensive General Data Protection Law.

The LGPD mirrors the EU General Data Protection Regulation in many of its core definitions and principles. Brazil's adherence to international human rights conventions — such as the American Convention on Human Rights and the recognition of the binding authority of the Inter-American Court of Human Rights — adds further credibility to its protections.

The draft also highlights the role of Brazil's independent supervisory authority, the Autoridade Nacional de Proteção de Dados, as a cornerstone of the country's data protection regime. Since its transformation into an autonomous body in 2022, the ANPD has demonstrated both regulatory and enforcement capacity, issuing binding rules, investigating infringements and applying sanctions against public and private entities alike.

The Commission underlined that the authority's independence and wide-ranging powers are critical to ensuring accountability and effective oversight under the LGPD.