Brazil's ANPD Brings Its Regulatory Agenda to the IAPP Global Privacy Summit 2026 in Washington

Brazil's National Data Protection Authority participated in the IAPP Global Privacy Summit 2026 in Washington, one of the leading international forums on privacy, artificial intelligence governance, and digital regulation. The presence reinforces the ANPD's consistent move to expand its international projection and position Brazil as an active player in global data protection discussions. Director-President Waldemar Gonçalves highlighted the authority's regulatory and enforcement advances in recent years, with emphasis on themes at the center of Brazil's national agenda: data subject rights, artificial intelligence, biometric data, and the protection of children and adolescents in digital environments. ## AI Regulatory Sandbox Advances to Testing Phase One of the most closely watched points in the presentation was the ANPD's AI Regulatory Sandbox, which is advancing to the testing phase of selected projects. The sandbox provides a controlled environment where companies can test innovative AI solutions under regulatory supervision before full compliance requirements apply. Brazil's approach mirrors similar initiatives from regulators in the UK, Singapore, and the European Union. ## Digital Child Protection and the ECA Digital The expansion of ANPD's regulatory responsibilities to cover the protection of children and adolescents in digital environments reflects a global trend: data regulators are taking a more central role in platform governance for younger users. Platforms collecting or processing data from minors in Brazil must now navigate a framework combining the LGPD, the ECA, and ANPD-specific guidelines. ## Risk-Based and Evidence-Driven Regulation A key signal from Washington was the ANPD's shift toward a risk-based, evidence-driven, and social impact-oriented regulatory posture, particularly for complex technological contexts. This approach, already guiding regulators like the UK's ICO and France's CNIL, means organizations processing high-risk data (health, finance, automated decision-making) should expect closer regulatory attention, while lower-risk operations gain more operational flexibility. Brazil's participation in the IAPP Global Summit, combined with its London mission with the ICO and engagement in the Global Privacy Assembly, signals a deliberate strategy to build regulatory influence in multilateral privacy and AI standard-setting discussions.