This Thursday (14), the General Data Protection Law (LGPD) marks seven years since it was enacted. Approved in 2018, the legislation represents a watershed moment in the consolidation of fundamental rights in the Brazilian digital environment, ensuring privacy, freedom, and the protection of citizens' personal data.
Since it came into effect, the LGPD has regulated the processing of personal data, including sensitive information such as racial origin, ideological beliefs, and biometric data, determining how these data should be collected, stored, and used by companies, public agencies, and organizations.
According to theLGPD Panel Report in the Courts, prepared by the Center for Law, Internet, and Society (Cedis-IDP) in partnership with Jusbrasil and with support from the United Nations Development Programme (UNDP Brazil), there was a significant increase in the number of judicial decisions mentioning the LGPD. Between October 2023 and October 2024, 15,921 decisions citing legislation were identified, representing a 112% increase compared to the same period of the previous year, when 7,503 decisions were recorded.
The effective application of the sanctions provided for in the law began in August 2021, after a transition period that started in 2020. Since then, the National Data Protection Authority (ANPD), responsible for overseeing compliance with the regulation, has been acting strategically. The municipality has already published technical guides, conducted public consultations, analyzed security incidents, and imposed penalties, including significant fines.
With the rapid advancement of technology and artificial intelligence, the challenges for data protection have become even more complex. Issues such as consent for the use of information in algorithm training, the explainability of automated decisions, and the application of principles of minimization and information security have become central to the ongoing compliance with the LGPD.
The concept ofprivacy by design, or privacy by design, gains prominence in this scenario, requiring organizations to adopt preventive data protection measures from the beginning of product and service development.
For the lawyer and Law professor at Itaperuna University Center, Dr. Rayla Santos, a data reinforces the need to establish a solid culture of respect for privacy. "With each anniversary of the LGPD, we are reminded that it is not just a legal regulation, but the ongoing development of a culture of respect for privacy," he states. According to her, the law arises as a response to social and technological transformations that impact the way data is handled and shared. The LGPD was inspired by international legislations, such as the GDPR of the European Union, but adapted to the Brazilian reality, representing a significant advancement in the protection of individual rights.
With the advancement of artificial intelligence, Dr. Rayla Santos believes that the application of LGPD principles such as informed consent, data minimization, and algorithmic transparency is becoming increasingly urgent. She emphasizes that companies and developers should adopt ethical practices in the use of data to train automated systems, ensuring clarity about the handling of personal information. The specialist also points out the need for solid data governance, emphasizing that legislation requires security measures and good practices from the design of technologies, in accordance with the principles ofprivacy by designandPrivacy by default.
Another point emphasized by the Afya Itaperuna specialist is the role of educational and research institutions in training professionals prepared for the challenges of digital privacy. "It is not enough to apply the LGPD mechanically. It is necessary to understand its principles and spirit. Education on data protection should expand beyond Law, reaching areas such as information technology, engineering, and social sciences," he advocates.
For the coming years, some trends are gaining relevance: the institutional strengthening of ANPD, specific regulation on artificial intelligence in dialogue with LGPD, the dissemination of data protection culture in academic and corporate environments, and the training of specialists capable of dealing with the new scenarios of the information society.
