In May, the Brazilian National Data Protection Authority (ANPD) released the results of the Public Consultation on artificial intelligence and the review of automated decision-making processes, considered a strategic step within the 2025/2026 Regulatory Agenda. The initiative had, as one of its goals, the regulation of Article 20 of the Brazilian Data Protection Law (LGPD), which establishes the right to review decisions made exclusively by automated means, without human intervention.
During the public consultation, ANPD received a total of 124 contributions from various sectors of society, including technology companies, government bodies, civil society organizations, academics, and privacy and data protection experts.
ANPD’s report, consolidated in Technical Note No. 12/2025/CON1/CGN/ANPD, highlights that, despite differing perspectives, there was consensus on the need for safeguards to ensure data subject rights. Examples of recommended measures include the anonymization of personal data, the development of privacy impact assessments and the adoption of efficient and transparent governance upon the use of AI.
The document also highlights significant divergences on key issues, such as the mandatory use of anonymized or synthetic data in all automated processes and the scope of the right to rectification of data used in automated decisions. While some participants argued that anonymization should be mandatory to ensure privacy and security for data subjects, others contended that the technique should be seen merely as a best practice, since there is no explicit legal requirement for its use.Regarding the right to rectification, opinions varied on the extent to which the data subject should be able to correct or challenge the data used to support these decisions.
The contributions submitted also reinforced the importance of transparency in the use of AI, ensuring that data subjects have clear and understandable access to information about how their data is used and how decisions are made. Another key point highlighted was the need to carry out data protection impact assessments (through the Data Protection Impact Assessment – DPIA) to identify and mitigate risks related to data processing in AI systems.
This set of suggestions and discussions will serve as the foundation for ANPD’s future regulation on automated decisions, fostering a regulatory environment with greater legal certainty and enhanced protection of data subject rights.
For more information, access Technical Note No. 12/2025/CON1/CGN/ANPD, available here.