""

 

Brazil

Brazil

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in Brazil. The IAPP Resource Center also includes a “Latin America” topic page, which can be accessed here.

Subscribe to the IAPP Latin America Dashboard Digest e-newsletter
Keep up to date with the most important privacy and data protection news from Latin America by subscribing to the Latin America Dashboard Digest e-newsletter.

Featured Resources

Top-5 operational impacts of the LGPD

This is a five-part series aimed at helping global privacy professionals better understand the operational impacts of Brazil’s new General Data Protection Law.
Read More

Affirmative action:
Legal basis under LGPD

Affirmative actions can be found in legislation across Brazil. This article looks at the legal basis for processing data for affirmative action purposes under the LGPD.
Read More

LGPD
(English Translation)

The IAPP Resource Center hosts an English translation of the Brazilian General Data Protection Law. This translation was based on an initial version by Monica Hruby.
Read More


""

Latest News and Resources

CIPL, CEDIS — Effective LGPD Project

The Centre for Information Policy Leadership and Centro de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público has published this updating series of papers, infographics and public consultations covering Brazil’s General Data Protection Law. Read More

ANPD updates guidance on processing agents, DPOs

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, released an updated version of its guidance on definitions of data processing agents and data protection officers. The guidance includes revisions on concepts for controllers, joint controllers, processors, subprocessors and DPOs, as well as practical examples of each role. The ANPD said the updates work to clear up "issues that have generated the most doubts" among those covered by the law.Full Story... Read More

Brazilian Senate appoints commission to address, draft AI regulation

According to the Senate News Agency, Brazil’s Senate appointed a commission of jurists to draft a proposal to regulate AI. The commission will focus on the economic and social impacts of AI in areas including sustainable development, public security, agriculture, industry, digital services, health care and IT, and must report back to the Senate in 120 days. During the drafting process, the commission plans to study other AI regulations, such as those in the European Union. Full Story... Read More

Brazilian Congress approves personal data protection amendment to constitution

Brazilian Congress passed an amendment to Article 5 of the constitution that gives citizens the fundamental right to personal data protection, ZDNet reports. The amendment is an unchangeable clause, which means protections for citizens can only be expanded. Supporters said the amendment elevated the General Data Protection Law into the constitution and would improve the investment climate for the technology and communications sectors. However, critics said proposals approved by the Lower House o... Read More

Brazilian ordinance on employer vaccination mandates faces legal challenges

Like so many around the world, companies in Brazil are grappling with the impact of the COVID-19 pandemic and are working to figure out the best way to return to office while protecting employees’ health and safety. A new ordinance issued Nov. 1 by Brazil’s Ministry of Labor and Welfare, and subsequent legal challenges, are causing even more uncertainty as companies determine how to move forward. Ordinance # 620/2021, which establishes rules and restrictions around employee COVID-19 vaccinatio... Read More

Brazilian government launches data protection guide
(IAPP, September 2021)
ANPD publishes consumer data protection guide
(IAPP, September 2021)
D&I programs and processing of employees’ personal data: Challenges and guidelines considering Brazil’s data protection legal framework
(IAPP, August 2021)
Report: Brazilian board execs struggle to grasp LGPD requirements
(IAPP, August 2021)
Brazil’s DPA holds hearing on the regulation of investigative powers and penalties
(IAPP, July 2021)
ANPD drafts guidance on DPOs, processing agents
(IAPP, June 2021)
Web Conference: How to Comply with Brazil’s Data Protection Law by Leveraging Your GDPR Program
(IAPP, May 2021)
Can mandatory consent be optional? Processing children’s personal data under Brazil’s LGPD
(IAPP, April 2021)
Brazil’s largest bank adds open banking data protection
(IAPP, April 2021)
Toolkit launched to aid government’s LGPD compliance
(IAPP, April 2021)
Does Brazil’s LGPD recognize gender identity, sexual orientation as sensitive personal data?
(IAPP, March 2021)
Wimmer discusses ANPD’s LGPD buildup, priorities
(IAPP, February 2021)
Brazilian SGD publishes guidelines for compliance with LGPD
(IAPP, February 2021)
Just over half of Brazil’s government bodies have appointed DPOs
(IAPP, January 2021)
Survey: 70% of Brazilians unaware of data protection regulations
(IAPP, January 2021)
Brazil’s DPO dilemma: How and who to choose?
(IAPP, December 2020)
LinkedIn Live: ‘Privacy Around the Globe: Brazil’
(IAPP, October 2020)
What to know about Brazil’s DPA director appointments
(IAPP, October 2020)
Study: LGPD likely to require at least 50K DPOs in Brazil alone
(IAPP, October 2020)
Brazil’s LGPD now in effect — what does this mean for enforcement?
(IAPP, September 2020)
An overview of Brazil’s LGPD
(IAPP, September 2020)
Web Conference: The LGPD, GDPR, CCPA and More – How to Abide by Multiple Privacy Laws
(IAPP, September 2020)
Without a DPA, Brazil’s courts face slog of LGPD civil claims
(IAPP, September 2020)
Brazil introduces student privacy bill for online learning
(IAPP, September 2020)
Brazilian agency files first lawsuit for LGPD violations
(IAPP, September 2020)
RIPD welcomes Brazil’s LGPD, new DPA
(IAPP, September 2020)
Brazilian Senate reverses course, national privacy law in effect
(IAPP, August 2020)
The Privacy Advisor Podcast: Um, what just happened in Brazil?
(IAPP, August 2020)
In rapid-fire reversal, Brazil effectuates privacy law immediately
(IAPP, August 2020)
Understanding the LGPD: Basic Elements
(Marcel Leonardi, May 2020)
Brazilian lawmakers vote to delay LGPD
(IAPP, August 2020)
Brazil’s General Data Protection Law in 16 infographics
(IAPP, April 2020)
Controversial ‘fake news’ bill could set back privacy protections for Brazilians
(IAPP, June 2020)
LGPD: The Game
(LGPD Acadêmico, April 2020)
The challenge of adequacy with Brazil’s General Data Protection Law
(IAPP, January 2020)
How Brazil regulates children’s privacy and what to expect under the new data protection law
(IAPP, October 2019)
The Privacy Advisor Podcast: A look at privacy in Mexico and Brazil
(IAPP, May 2019)
What are privacy pros grappling with in Brazil, Mexico?
(IAPP, May 2019)
Recapping the latest updates to Brazil’s general data protection law
(IAPP, August 2019)
Privacy and personal data protection in Brazil: 2019
(IAPP, March 2019)
How to be prepared for Brazil’s new sweeping privacy law
(IAPP, June 2019)
How to be compliant with Brazil’s Data Protection Act
(IAPP, August 2018)
Brazilian Data Protection Law: A complex patchwork
(IAPP, April 2019)
Web con: ‘Understanding the New Brazil General Data Protection Law’
(IAPP, September 2018)
GDPR matchup: Brazil’s General Data Protection Law
(IAPP, October 2018)
The new Brazilian General Data Protection Law — a detailed analysis
(Pereira Neto Macedo)
Brazil’s golden opportunity: The need for an independent DPA
(IAPP, September 2018)
Yes! A Brazilian privacy law! But not quite yet…
(IAPP, July 2018)
View More Resources

LGPD Law and Documents

Brazil’s General Data Protection Law was passed Aug. 18, 2018. The law went into effect Sept. 18, 2020, though administrative sanctions cannot be issued until August 1, 2021.

Brazilian General Data Protection Law (LGPD, English translation)

Last Updated: October 2020Click To View (PDF) Translation by Ronaldo Lemos, Natalia Langenegger, Juliana Pacetta Ruiz, Sofia Lima Franco, Andréa Guimarães Gobbato, Daniel Douek, Ramon Alberto dos Santos and Rafael A. Ferreira Zanatta. As amended by Law no. 13,583, after congressional override of presidential vetoes. This translation was based on an initial version by Monica Hruby (www.mhruby.com). This translation was provided by Rennó Penteado Sampaio Advogados. Amends Law No. 13,709 of ... Read More

CIPL, CEDIS — Effective LGPD Project

The Centre for Information Policy Leadership and Centro de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público has published this updating series of papers, infographics and public consultations covering Brazil’s General Data Protection Law. Read More

The Data Protection Authority

Brazil’s President Michel Temer enacted a provisional measure, creating the Brazilian Data Protection Authority (Autoridade Nacional de Proteção de Dados or ANPD) and altering several provisions of the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados or LGPD).
View ANPD Website


Top-5 operational impacts of Brazil’s LGPD: Part 5 — Enforcement mechanisms and sanctions

Brazil’s General Data Protection Law entered into effect Sept. 18, 2020. As with any law imposing compliance requirements, a key issue is enforcement — how will the law be administered, and what potential penalties may be imposed for noncompliance? Generally, the LGPD creates an enforcement agency, the National Data Protection Authority, which is authorized to monitor compliance with the law and impose sanctions, including fines, for violations. While this new agency is still being established ... Read More

CNPD establishes internal regulations

A resolution outlining internal regulations and processes for Brazil's National Council for the Protection of Personal Data and Privacy was filed in the Official Gazette. The CNPD will be responsible for the oversight of Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, which will include proposing strategic guidelines for the ANPD's work, suggesting actions to the regulator and performing annual evaluations. The council will also facilitate studies, debates and p... Read More

ANPD updates guidance on processing agents, DPOs

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, released an updated version of its guidance on definitions of data processing agents and data protection officers. The guidance includes revisions on concepts for controllers, joint controllers, processors, subprocessors and DPOs, as well as practical examples of each role. The ANPD said the updates work to clear up "issues that have generated the most doubts" among those covered by the law.Full Story... Read More

ANPD ombudsman releases 2021 management report

The ombudsman of Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, presented its first annual management report for 2021. Among other things, the ombudsman is responsible for questions related to the ANPD’s implementation of the Brazilian General Data Protection Law. “Efforts have been made to make citizens’ demands materialize in products and information useful to all stakeholders and affected personal data protection legislation,” the report said, adding the omb... Read More

ANPD releases infosecurity guide for small processors

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published an information security guide for small-scale data processors. The guidance features suggested administrative and technical measures under the General Data Protection Law, and it is accompanied by a checklist outlining how the measures should be adopted. "Inducing and directing the protection of personal data is an important mission of ANPD and making progress in providing tools and document templates can... Read More