Generative AI Platforms Face Transparency Challenges Under Brazil’s Data Protection Law

Law Study Assesses Generative AI Platforms' Compliance with LGPD in Personal Data Processing

As generative AI platforms gain traction, evaluating their adherence to the General Data Protection Law (LGPD) becomes crucial. This study inspects how these platforms manage legal obligations related to personal data—from the training phase to service delivery. The analysis relies on official company documents, focusing on compliance with key LGPD requirements and regulations issued by the National Data Protection Authority (ANPD).

The findings reveal significant transparency shortcomings across platforms, raising concerns over effective enforcement and application of data protection laws.

Generative AI and Data Protection Challenges

Generative AI has accelerated content creation across education, healthcare, technology, and more. While these advances offer clear benefits, they also bring challenges regarding personal data protection. The LGPD establishes strict rules for handling personal information, which generative AI models often process in large volumes, sometimes including identifiable data.

This situation prompts questions about the practices used for data collection, storage, and utilization, alongside compliance with existing legislation. Moreover, the reliance on foreign AI providers introduces issues related to digital sovereignty and the capacity of national regulators to oversee these services effectively.

Study Scope and Objectives

This research, part of the Platform Governance and Data Regulations project at the FGV Rio Law Technology and Society Center, examined major generative AI platforms. Selection criteria included the number of downloads within the first 10 days post-launch in app stores, according to Statista (2025). Meta AI was also analyzed due to its strong presence in the Brazilian market.

The assessment focused on each platform's privacy policy, evaluating their transparency and accountability according to LGPD and ANPD standards.

Key Evaluation Criteria

• Availability of privacy policies in Portuguese;
• Clarity and accessibility of information presented to users;
• Transparency regarding the collection and use of personal data;
• Details about international data transfers.

Meeting these criteria is essential for Brazilian users to understand how their data is processed and to exercise their rights under current legislation.

For legal professionals working with AI and data protection, staying informed about platform compliance is critical. Continuous monitoring and clear regulatory guidelines will help safeguard personal data across emerging technologies.

More resources on AI and data privacy can be found at Complete AI Training.