Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In Data

Brazil: ANPD publishes Map of Priority Issues for Oversight and Regulatory Action (2026-2027 biennium) and update of the Regulatory Agenda for the 2025-2026 biennium

by , and 3 Mins Read

On 24 December 2025, the Brazilian Data Protection Agency (ANPD) published Resolution CD/ANPD No. 30, which establishes the map of priority issues for oversight and regulatory action for the 2026-2027 biennium, and Resolution CD/ANPD No. 31/2025, which updates the regulatory agenda for the 2025-2026 biennium.

The map defines the central axes for the ANPD’s enforcement, monitoring, and institutional activities, aligning with the General Data Protection Law (LGPD) and the Digital Child and Adolescent Statute (“Digital ECA“) (Law No. 15,211/2025). The regulatory agenda incorporates topics related to the Digital ECA and the protection of children’s and adolescents’ data, in addition to improving rules for enforcement, sanctions, and normative production.

The joint publication of these resolutions aims to establish coordinated action by the ANPD in the regulation and oversight of matters related to data protection and the Digital ECA, promoting greater transparency and legal certainty. More complex issues, such as the verification of users’ ages, will initially be addressed through regulatory and guidance actions and, at a later stage, will be subject to enforcement and possible administrative sanctions.

In depth

Priority issues (2026–2027)

The prioritized topics will take precedence in the selection of cases, the initiation of enforcement proceedings, and the allocation of ANPD resources. They also guide the initiatives set out on the regulatory agenda and are structured around four main areas:

  1. Data subject rights — Ensuring the effectiveness of LGPD rights, with special attention to sensitive data and its use for advertising.
  2. Protection of children and adolescents — Compliance with the Digital ECA, including privacy by default, age verification, and blocking of inappropriate content.
  3. Public authorities — Compliance with the LGPD, governance, and data sharing.
  4. AI and emerging technologies — Supervision of the use of personal data, including children’s data, in new technologies.

Regulatory agenda 2025-2026

The update includes three new topics related to the Digital ECA: age verification mechanisms; obligations of technology providers; and revision of enforcement and sanctioning rules. It also includes improvements to the agency’s rules for enforcement, sanctions, and rulemaking, such as participation by interested third parties, procedural stages and deadlines, public consultations, Regulatory Impact Analysis (RIA), and Regulatory Outcome Assessment (ROA). The item on the processing of children’s and adolescents’ data will be addressed in specific initiatives, such as the future regulation on age verification.

Entry into force

Both resolutions came into force on the date of their publication.

Additional author:

LOGO_TrenchRossiWatanabe_Brazil

Trench Rossi Watanabe and Baker McKenzie have executed a strategic cooperation agreement for consulting on foreign law.

Categories:
Tags:
Author

Flavia Rebello is a partner at Trench Rossi Watanabe. Her practice includes data protection, licensing, sourcing and transactions, franchising and e-commerce and Internet. She is also a regional leader for the IPTech practice in Latin America.

Author

Marcela is a partner in the IPTech practice at Trench Rossi Watanabe.

Author

Flavia is a partner at Trench Rossi Watanabe* and is based in São Paulo. She has more than 15 years of experience in the areas of intellectual property, franchise, technology transfer, social media and unfair competition. *Trench Rossi Watanabe and Baker McKenzie have executed a strategic cooperation agreement for consulting on foreign law.

Related Posts