EU and Brazil Agree on Mutual Data Protection Adequacy
The European Commission and Brazil have officially recognized each other’s data protection frameworks as equivalent by adopting mutual adequacy decisions. This recognition enables the secure and unrestricted flow of personal data between the two regions. It applies to businesses, public authorities, and researchers, providing a strong foundation for data exchanges under robust privacy safeguards.
This agreement is expected to significantly enhance digital trade between the EU and Brazil by reducing compliance costs and offering legal certainty for companies operating across both jurisdictions. It supports European businesses expanding into Brazil and Brazilian firms entering the EU market. Together, the EU and Brazil now form the world’s largest area for safe cross-border data transfers, benefiting approximately 670 million consumers.
The adequacy decisions are based on Brazil’s 2018 General Data Protection Law, which aligns closely with the EU’s General Data Protection Regulation (GDPR). The establishment of an independent National Data Protection Authority in Brazil ensures effective oversight, enforcement, and protection of personal data. The European Data Protection Board gave positive opinions on the decision, which was subsequently approved by EU Member States.
These mutual adequacy decisions complement the EU-Mercosur Partnership Agreement and Interim Trade Agreement signed earlier in January. The European Commission will review the functioning of the adequacy decisions after four years to ensure continued compliance. This development further strengthens trade relations and reflects a shared commitment to a rules-based international framework for data protection.
