Brazil and the European Union have taken steps to make it easier for personal data to cross the Atlantic, a move both sides described as a legal and political milestone for trade, research and the fast-growing business of digital services.
In a ceremony in Brasília, the two jurisdictions announced that they would recognize each other’s data protection regimes as “adequate,” allowing personal information to circulate “directly, securely and in a simplified way” without additional legal mechanisms for international transfers. The recognition was “paved by years of negotiations” and began to be formalized in September 2025.
Technically, the arrangement is not a treaty, having been built through unilateral but coordinated acts. The European Commission declares that Brazil offers an adequate level of protection for personal data, while Brazil, through a resolution by the National Data Protection Authority, states that the EU provides protections compatible with Brazil’s 2018 General Data Protection Law (LGPD, which itself was inspired by Europe’s own GDPR regulations).
You’re missing out on the full story
Get smarter on Brazil and Latin America
Enjoy 14-day free trial now!The full picture. The sharpest takes. All in your inbox, every day:
- 🏆 Award-winning journalism, trusted worldwide
- 📊 Exclusive charts and analyses
- 🗃️ Archive access
- 💬 Commenting
