Brazil: National Data Protection Agency adopted Resolution No. 32 recognising European Union as providing an adequate level of personal data protection for international data transfers

On 26 January 2026, the National Data Protection Agency (ANPD) adopted Resolution No. 32, recognising the European Union as providing a level of personal data protection adequate to that provided for in the General Personal Data Protection Law (LGPD). The adequacy decision authorises international data transfers under Article 33(I) LGPD to all European Union Member States, the European Economic Area, European Free Trade Association States Iceland, Liechtenstein and Norway, and European Union institutions, bodies and agencies. It excludes transfers carried out exclusively for public security, national defence, state security, or activities related to the investigation and prosecution of criminal offences. The resolution provides for cooperation mechanisms and continuous monitoring by the ANPD, requires reassessment within four years, preserves the use of other international data transfer mechanisms provided for in Article 33 LGPD, and provides that it enters into force on the date of publication.