On 30 July 2024, the National Consumer Secretariat published Technical Note No. 2/2024/Gab-DPDC/DPDC/SENACON/MJ, providing for the Ads Quality Criteria and Data Quality Criteria, as transparency parameters to be adopted and complied with by digital platforms in Brazil. The recent Technical Note established transparency criteria applicable to platforms, mentioning the need to comply with dignity, health, safety, protection and harmony within consumer relations.
The Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19, which creates the procedures and rules for recognizing the suitability of other countries or international bodies to carry out international personal data transfer operations, as well as approving the standard contractual clauses that may be used by processing agents to legitimize the international transfer of personal data.
The Brazilian Data Protection Authority (ANPD) has published Resolution CD/ANPD No. 18, which creates additional rules for the appointment of the Person in Charge (similar, although not equivalent, to the Data Protection Officer under the GDPR).
As background, according to Law No. 13.709/18 (Brazilian Data Protection Law (LGPD)), data controllers must appoint a Person in Charge. The “Person in Charge” has the primary role of serving as a communication liaison between the data controller, data subjects and ANPD, as well as providing training and guidance to the controller’s employees, and complying with any other instructions that the controller may give.
On 6 May 2024, the Federal Government published Federal Law No. 14.852/2024, which established the Legal Framework for the Electronic Games Industry in Brazil. The new law sets out the basic principles and rules for the development and sale of electronic games in Brazil. It establishes guidelines on the manufacture, import, marketing, development and commercial use of electronic games, in addition to providing that the State must establish the indicative age classification. Therefore, it provides a specific framework for this sector in Brazil and ensures the protection of its consumers and users.
On 26 April 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 15, which approved the Regulation on Notification of Security Incident (“Regulation”). The Regulation sets forth the mandatory procedures that data controllers must follow when notifying security incidents to ANPD and personal data subjects.
According to Law No. 13,709/18 (Brazilian General Data Protection Law, or LGPD), the controller must notify the occurrence of a security incident that may give rise to relevant risk or damage to data subjects not only to ANPD, but also to the data subjects.
The proposed law which regulates the use of Artificial Intelligence in Brazil considers a risk-based approach inspired by the EU AI Act and looks at high, medium and low risk obligations and liabilities.
On 16 August 2023, the Brazilian Data Protection Authority opened a public consultation regarding the Preliminary Study on legitimate interest as a legal basis for processing personal data. The consultation will be open for 30 days (until 15 September) on the Participa Mais Brasil platform.
On 15 August 2023, the Brazilian Data Protection Authority launched a public consultation on the regulation of international transfer of personal data, which will be available for 30 days (until 14 September 2023) on the Participa Mais Brasil platform. The draft under public consultation sets forth the Resolution of the Regulation of International Transfers of Personal Data and the Standard Contractual Clauses template, establishing provisions for the international transfer of personal data according to the Brazilian General Data Protection Law.
On 6 July 2023, the Brazilian National Data Protection Authority (ANPD) issued its first sanction for non-compliance with the Brazilian General Data Protection Law (LGPD). The ANPD’s General Supervision Coordination determined the penalties at the conclusion of the administrative sanctioning process against a small business entity, due to violation of articles 7 and 41 of the LGPD, and article 5 of Resolution CD/ANPD No. 1/2021.
On 12 April, Justice Secretary Flavio Dino issued an ordinance that makes it possible to hold digital platforms accountable for the dissemination of content that promotes violence in schools. The document sets forth specific obligations for platforms, such as the immediate removal of certain content after a request from the competent authorities, systemic risk assessment, adoption of measures to prevent the spread of new threats to schools and a policy of active content moderation by application providers. In addition, platforms must prepare reports for the justice secretariat analyzing the risk factors of spreading certain illegal content, and whether recommendation algorithms or other algorithms used by platforms, as well as the content moderation practices adopted, contribute to such risk factors.