FPF releases Issue Brief on Brazil’s Digital ECA: new paradigm of safety & privacy for minors online

This Issue Brief analyzes Brazil’s recently enacted children’s online safety law, summarizing its key provisions and how they interact with existing principles and obligations under the country’s general data protection law (LGPD). It provides insight into an emerging paradigm of protection for minors in online environments through an innovative and strengthened institutional framework, focusing on how it will align with and reinforce data protection and privacy safeguards for minors in Brazil and beyond.

This Issue Brief summarizes the Digital ECA’s most relevant provisions, including:

● Broad extraterritorial scope: the law applies to all information technology products and services aimed at or likely to be accessed by minors, with extraterritorial application.
● “Likelihood of access” of a technology service or product as a novel standard, composed of three elements: attractiveness, ease of use, and potential risks to minors.
● Provisions governed by the principle of the “best interest of the child,” requiring providers to prioritize the rights, interests, and safety of minors from the design and throughout their operations.
● Online safety by design and by default, mandating providers to adopt protective measures by design and monitor them throughout the operation of the service or product, including age verification mechanisms and parental supervision tools.
● Age rating as novelty, requiring providers to maintain age rating policies and continuously assess their content based on such rating.
● Enforcement of the law is assigned to the ANPD, which was transformed into a regulatory agency with increased and strengthened powers to monitor its compliance, in addition to its responsibilities under the data protection law.
● Significant sanctions under the Digital ECA, which can range from warnings and fines up to 10% of a company’s revenue to the permanent suspension of activities in Brazil.