backNewsletter (#006/2025) on Privacy and Data Protection by Campos Thomaz Advogados
Alerts, materials, and updates on Privacy, Data Protection, and Cybersecurity.
To subscribe, click here.
Find out more about our DPO as a Service
We have prepared specific material to explain how the external DPO as a Service works. Contact our partners
AI Ethics as a Service: Ethical Governance and Risk Assessment in Artificial Intelligence Systems
The ethical governance of artificial intelligence (AI) has gained accelerated relevance in the Brazilian legal and regulatory landscape, especially with the advancement of Bill No. 2338/2023 and the imminent AI regulation in the European Union (AI Act). In this context, the AI Ethics as a Service model emerges as a strategic solution for organizations seeking to develop, procure, or use AI systems with safety, responsibility, and legal compliance. Learn more.
ANPD Launches Public Consultation on the Use of Biometric Data
On June 2nd, Brazil’s National Data Protection Authority (ANPD) launched a public consultation on the processing of biometric data, considered a sensitive category under the LGPD. This initiative, part of the 2025–2026 Regulatory Agenda, aims to gather input from society to support future rules and guidance on the secure and responsible use of biometric technologies. Open until July 2nd on the Participa + Brasil platform, the consultation covers key areas such as facial recognition, governance, security, data subjects’ rights, and impacts on vulnerable groups. Learn more.
Brazilian Supreme Court Resumes Judgment on Platform Liability and Constitutionality of Article 19 of the Internet Bill of Rights
The Federal Supreme Court (STF) has resumed the judgment on the constitutionality of Article 19 of Brazil’s Internet Bill of Rights (Marco Civil da Internet), which establishes that digital platforms can only be held civilly liable for unlawful content posted by users if they fail to comply with a court order to remove it. The analysis had been suspended in December 2024 following a request for review by Justice André Mendonça, who began delivering his opinion on Wednesday, June 4, 2025, and continued the following day. Learn more.
Committee Approves Exemption of Churches and Political Parties from LGPD Rules
The Communication Committee of the Brazilian Chamber of Deputies has approved a bill that exempts political parties and religious organizations from fully complying with the General Data Protection Law (LGPD). Under the approved text, these entities would not be required to adhere to data handling obligations such as data collection, usage, and storage controls, and would be shielded from penalties for potential violations. Congressman David Soares (União-SP), who authored the substitute version, argued that many churches and political parties, especially smaller ones, lack the infrastructure and technical capacity to meet LGPD requirements, as they are non-profit and funded through voluntary contributions. Learn more.
Resolution Establishes Task Forces to Strengthen Brazil’s National Cybersecurity Policy
Through CNCIBER Resolution No. 8, dated May 26, 2025, and published in the Official Gazette on May 27, the Brazilian Federal Government established four thematic task forces to develop the National Cybersecurity Plan and further implement the National Cybersecurity Policy (PNCiber). The main group, coordinated by the Institutional Security Office, has up to four months to set structured goals through 2031, divided into short-term (2025–2027) and medium-term (2028–2031) actions. The goal is to map ongoing or planned cybersecurity initiatives and build national capacity for data protection, cyberattack prevention, and system resilience. Learn more.
ANPD Assumes Presidency of the Ibero-American Data Protection Network (RIPD)
At the XXI Meeting of the Ibero-American Data Protection Network (RIPD), held in Cartagena, Colombia, Brazil’s National Data Protection Authority (ANPD) was unanimously elected to chair the Network for the 2025–2027 term. This appointment reinforces ANPD’s international leadership and positions Brazil as a key player in digital governance and personal data protection. The RIPD brings together authorities from over 20 countries across the Americas and Europe to foster institutional cooperation and promote alignment of privacy regulations in the Ibero-American region. Learn more.
LGPD Infographic
Access the LGPD infographic prepared by our firm. Access here
Explore our series of content on privacy, data protection, and cybersecurity.
Discover our series of content on privacy, data protection, and cybersecurity. Access the full series here.
Produced by Alan Campos Thomaz and João Marcelo de Oliveira
share
