News and Business
Data Privacy and Protection Day: an overview of the Brazilian scenario
The evolution of data protection regulations in Brazil is a sign of the area's growing relevance, though emerging issues pose challenges that will require further regulatory measures
Each year, the world marks Data Privacy and Protection Day on January 28. In Brazil, the issue was put firmly in the spotlight with the creation of the General Data Protection Law (LGPD – Law No. 13,709/2018), which has been in effect since September 2020. This was soon followed by Constitutional Amendment No. 115/2022, which elevated the status of personal data protection to a fundamental right.
After the LGPD was enacted, the newly established Brazilian Data Protection Authority (ANPD) officially commenced activity in 2020. This authority has played a crucial role ever since, both in guiding and monitoring LGPD compliance as well as in drafting relevant regulations.
2024 saw the ANPD significantly intensify its efforts, with a particular emphasis on emerging technologies such as artificial intelligence (AI). Several of the ANPD’s initiatives have addressed the relationship between data protection and AI over the past year, including:
- A call for contributions on AI and reviewing automated decisions;
- A regulatory sandbox concerning data protection and AI;
- The ANPD’s Generative AI Guide;
- Activities concerning AI system oversight.
In commemorating Data Privacy and Protection Day, Mattos Filho has released a practical guide for data processing agents in English, covering the main provisions of the LGPD and what to expect from the ANPD in terms of regulatory activity in 2025.
Moreover, in the latest episode of the Único Podcast, experts from our Data Protection & Cybersecurity practice discuss the ANPD’s actions over the past year in regard to key issues surrounding data protection and AI. See the links below to listen on your preferred platform (episode available in Portuguese):
For more information on the subject, please contact Mattos Filho’s Data Protection & Cybersecurity practice.
