Employee Data Privacy

Brazil - Data Privacy Laws and Regulations

 Download as a PDF

What laws apply to the collection and use of individuals’ personal information?

Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.

Brazil has a patchwork of rules and laws relating to employee data privacy, including the:

  • Federal Constitution: Sets the basic framework and gives individuals the right to privacy as well as the right to compensation for economic and non-financial damages.
  • Resolution 3/2009: Outlines privacy principles from Brazil’s Internet Steering Committee.
  • Internet Law (12,965/2014): Outlines the principles for privacy and personal data protection, including requiring express consent from data subjects. Decree 8771, which relates to the law, sets the guidelines that should be followed.
  • General Data Privacy Law (13,709/2018): This law, which goes into effect in February 2020 modifies the Internet Law and is Brazil’s first official data privacy framework. This law will impact how personal data is processed in Brazil and shares some similarities to the European Union’s General Data Protection Regulation.

The Brazilian Consumer Protection Code (8078/1990), the Law on Public and Private Archives, the Bank Secrecy Act (Complementary Law 105/2001) and the Civil Code (10,406/2002) also include references to privacy and data protection.


There is currently no designated authority responsible for enforcement of data privacy law and regulations in Brazil. The National Telecommunications Agency and National Consumer Protection Secretary do have some responsibilities:

National Telecommunications Agency

Consumer Protection Secretary


Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.

Share Your Feedback

Let's Talk