""

 

Brazil

Brazil

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in Brazil. The IAPP Resource Center also includes a “Latin America” topic page, which can be accessed here.

Subscribe to the IAPP Latin America Dashboard Digest e-newsletter
Keep up to date with the most important privacy and data protection news from Latin America by subscribing to the Latin America Dashboard Digest e-newsletter.

Featured Resources

Top-5 operational impacts of the LGPD

This is a five-part series aimed at helping global privacy professionals better understand the operational impacts of Brazil’s new General Data Protection Law.
Read More

Affirmative action:
Legal basis under LGPD

Affirmative actions can be found in legislation across Brazil. This article looks at the legal basis for processing data for affirmative action purposes under the LGPD.
Read More

LGPD
(English Translation)

The IAPP Resource Center hosts an English translation of the Brazilian General Data Protection Law. This translation was based on an initial version by Monica Hruby.
Read More


""

Latest News and Resources

Brazilian ordinance on employer vaccination mandates faces legal challenges

Like so many around the world, companies in Brazil are grappling with the impact of the COVID-19 pandemic and are working to figure out the best way to return to office while protecting employees’ health and safety. A new ordinance issued Nov. 1 by Brazil’s Ministry of Labor and Welfare, and subsequent legal challenges, are causing even more uncertainty as companies determine how to move forward. Ordinance # 620/2021, which establishes rules and restrictions around employee COVID-19 vaccinatio... Read More

Brazilian government launches data protection guide

Brazil's government launched a data protection guide to promote awareness with the general public, ZDNet reports. Created in cooperation with the national data protection authority, the report details the rights of data users, including the right to opt out, how to protect personal information and what steps to take if they have been involved in a data breach. The report also outlines steps organizations "should act in relation to personal data." Editor's note: The IAPP launched a Brazil topic p... Read More

ANPD publishes consumer data protection guide

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, along with the National Consumer Secretariat of the Ministry of Justice and Public Security, published a guide to help consumers understand how to secure their data and effectuate data protection rights under the General Data Protection Law. Consumers are given details on what data is necessary or allowed for certain processing activities and what they can do if there is an LGPD violation. Meanwhile, the ANPD has b... Read More

D&I programs and processing of employees' personal data: Challenges and guidelines considering Brazil’s data protection legal framework

Over the past years, many studies have shown when the inclusion cycle begins in employment relations, and it is more likely significant changes are made toward the recognition of rights and safeguards that break the chains of exclusion in our society. Unfortunately, it is also known that social equality is far from being a reality. The study "LGBT+ in the pandemic" found six out of 10 LGBTQ+ people in Brazil experienced a loss or decrease in income due to the COVID-19 pandemic. Also, according t... Read More

Brazil’s DPA holds hearing on the regulation of investigative powers and penalties

Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, held hearings July 15 and 16 where the public had the opportunity to offer 5-minute comments, via an online platform, on the draft regulation governing the ANPD’s investigation powers and the application of penalties set forth in the General Data Protection Law. The draft was based on the “responsive regulation” model. This model comes from Professor John Braithwaite’s works and has been widely adopted by Brazilia... Read More

Report: Brazilian board execs struggle to grasp LGPD requirements
(IAPP, August 2021)
ANPD drafts guidance on DPOs, processing agents
(IAPP, June 2021)
Web Conference: How to Comply with Brazil’s Data Protection Law by Leveraging Your GDPR Program
(IAPP, May 2021)
Can mandatory consent be optional? Processing children’s personal data under Brazil’s LGPD
(IAPP, April 2021)
Brazil’s largest bank adds open banking data protection
(IAPP, April 2021)
Toolkit launched to aid government’s LGPD compliance
(IAPP, April 2021)
Does Brazil’s LGPD recognize gender identity, sexual orientation as sensitive personal data?
(IAPP, March 2021)
Opice Blum – Identifying and reacting to security incidents
(Opice Blum, March 2021)
Wimmer discusses ANPD’s LGPD buildup, priorities
(IAPP, February 2021)
Brazilian SGD publishes guidelines for compliance with LGPD
(IAPP, February 2021)
Just over half of Brazil’s government bodies have appointed DPOs
(IAPP, January 2021)
Survey: 70% of Brazilians unaware of data protection regulations
(IAPP, January 2021)
Brazil’s DPO dilemma: How and who to choose?
(IAPP, December 2020)
LinkedIn Live: ‘Privacy Around the Globe: Brazil’
(IAPP, October 2020)
What to know about Brazil’s DPA director appointments
(IAPP, October 2020)
Study: LGPD likely to require at least 50K DPOs in Brazil alone
(IAPP, October 2020)
Brazil’s LGPD now in effect — what does this mean for enforcement?
(IAPP, September 2020)
An overview of Brazil’s LGPD
(IAPP, September 2020)
Web Conference: The LGPD, GDPR, CCPA and More – How to Abide by Multiple Privacy Laws
(IAPP, September 2020)
Without a DPA, Brazil’s courts face slog of LGPD civil claims
(IAPP, September 2020)
Brazil introduces student privacy bill for online learning
(IAPP, September 2020)
Brazilian agency files first lawsuit for LGPD violations
(IAPP, September 2020)
RIPD welcomes Brazil’s LGPD, new DPA
(IAPP, September 2020)
Brazilian Senate reverses course, national privacy law in effect
(IAPP, August 2020)
The Privacy Advisor Podcast: Um, what just happened in Brazil?
(IAPP, August 2020)
In rapid-fire reversal, Brazil effectuates privacy law immediately
(IAPP, August 2020)
Opice Blum: LGPD Infographics
(IAPP, August 2020)
Understanding the LGPD: Basic Elements
(Marcel Leonardi, May 2020)
Brazilian lawmakers vote to delay LGPD
(IAPP, August 2020)
Brazil’s General Data Protection Law in 16 infographics
(IAPP, April 2020)
Controversial ‘fake news’ bill could set back privacy protections for Brazilians
(IAPP, June 2020)
LGPD: The Game
(LGPD Acadêmico, April 2020)
The challenge of adequacy with Brazil’s General Data Protection Law
(IAPP, January 2020)
How Brazil regulates children’s privacy and what to expect under the new data protection law
(IAPP, October 2019)
The Privacy Advisor Podcast: A look at privacy in Mexico and Brazil
(IAPP, May 2019)
What are privacy pros grappling with in Brazil, Mexico?
(IAPP, May 2019)
Recapping the latest updates to Brazil’s general data protection law
(IAPP, August 2019)
Privacy and personal data protection in Brazil: 2019
(IAPP, March 2019)
How to be prepared for Brazil’s new sweeping privacy law
(IAPP, June 2019)
How to be compliant with Brazil’s Data Protection Act
(IAPP, August 2018)
Brazilian Data Protection Law: A complex patchwork
(IAPP, April 2019)
Web con: ‘Understanding the New Brazil General Data Protection Law’
(IAPP, September 2018)
GDPR matchup: Brazil’s General Data Protection Law
(IAPP, October 2018)
The new Brazilian General Data Protection Law — a detailed analysis
(Pereira Neto Macedo)
Brazil’s golden opportunity: The need for an independent DPA
(IAPP, September 2018)
Yes! A Brazilian privacy law! But not quite yet…
(IAPP, July 2018)
View More Resources

LGPD Law and Documents

Brazil’s General Data Protection Law was passed Aug. 18, 2018. The law went into effect Sept. 18, 2020, though administrative sanctions cannot be issued until August 1, 2021.

Brazilian General Data Protection Law (LGPD, English translation)

Last Updated: October 2020 Click To View (PDF) Translation by Ronaldo Lemos, Natalia Langenegger, Juliana Pacetta Ruiz, Sofia Lima Franco, Andréa Guimarães Gobbato, Daniel Douek, Ramon Alberto dos Santos and Rafael A. Ferreira Zanatta. As amended by Law no. 13,583, after congressional override of presidential vetoes. This translation was based on an initial version by Monica Hruby (www.mhruby.com). This translation was provided by Rennó Penteado Sampaio Advogados. Amends Law No. 13,709 o... Read More

The Data Protection Authority

Brazil’s President Michel Temer enacted a provisional measure, creating the Brazilian Data Protection Authority (Autoridade Nacional de Proteção de Dados or ANPD) and altering several provisions of the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados or LGPD).
View ANPD Website


Top-5 operational impacts of Brazil’s LGPD: Part 5 — Enforcement mechanisms and sanctions

Brazil’s General Data Protection Law entered into effect Sept. 18, 2020. As with any law imposing compliance requirements, a key issue is enforcement — how will the law be administered, and what potential penalties may be imposed for noncompliance? Generally, the LGPD creates an enforcement agency, the National Data Protection Authority, which is authorized to monitor compliance with the law and impose sanctions, including fines, for violations. While this new agency is still being established ... Read More

ANPD releases infosecurity guide for small processors

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published an information security guide for small-scale data processors. The guidance features suggested administrative and technical measures under the General Data Protection Law, and it is accompanied by a checklist outlining how the measures should be adopted. "Inducing and directing the protection of personal data is an important mission of ANPD and making progress in providing tools and document templates can... Read More

ANPD publishes consumer data protection guide

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, along with the National Consumer Secretariat of the Ministry of Justice and Public Security, published a guide to help consumers understand how to secure their data and effectuate data protection rights under the General Data Protection Law. Consumers are given details on what data is necessary or allowed for certain processing activities and what they can do if there is an LGPD violation. Meanwhile, the ANPD has b... Read More

Brazil’s DPA holds hearing on the regulation of investigative powers and penalties

Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, held hearings July 15 and 16 where the public had the opportunity to offer 5-minute comments, via an online platform, on the draft regulation governing the ANPD’s investigation powers and the application of penalties set forth in the General Data Protection Law. The draft was based on the “responsive regulation” model. This model comes from Professor John Braithwaite’s works and has been widely adopted by Brazilia... Read More

Wimmer discusses ANPD's LGPD buildup, priorities

Privacy professionals are still working to make sense of what enforcement of Brazil's General Data Protection Law will look like when the law's grace period ends Aug. 1, 2021. Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, pulled back the curtain on its enforcement focuses with the recent release of its regulatory agenda and 2021–23 strategic plan. ANPD Director Miriam Wimmer, CIPP/E, appointed to one of five seats on the regulator's board of directors in Octo... Read More