
The Brazilian Data Protection Authority's Regulatory Sandbox Pilot Program on Artificial Intelligence and Data Protection: A Brief Overview


The current debates on artificial intelligence create a timely opportunity for the development of mechanisms that balance the promotion of innovation and the protection of fundamental rights, such as privacy and data protection. This article presents a brief overview of the Brazilian Data Protection Authority's Regulatory Sandbox Pilot Program on Artificial Intelligence and Data Protection as a potential regulatory tool for artificial intelligence.

In the middle of last year, the Brazilian National Data Protection Authority (“ANPD”) announced the development of a regulatory sandbox pilot program on artificial intelligence (“AI”) and personal data protection, in technical cooperation with the Development Bank of Latin America and the Caribbean (“CAF”).

A regulatory sandbox is a controlled testing environment created for collaborative experimentation between the regulator, the regulated entity and other stakeholders, such as technology and innovation companies, academics, and civil society organizations. Its purpose is to test innovations within a regulatory framework, adopting a structured and secure methodology.

In this context, the ANPD's pilot program aims to create a controlled environment to test and analyze AI-related technologies developed by participants, in order to foster innovation, establish a multi-sectoral environment for dialogue and knowledge sharing, promote algorithmic transparency and implement best practices to ensure compliance with fundamental rights protection standards, especially Brazil’s Data Protection Law (“LGPD”).

In short, the ANPD claims that the implementation of the sandbox will enhance the understanding of emerging technologies, combining the continuity of innovation and the development of ethical regulatory frameworks for AI, in accordance with the strategic actions outlined in the Brazilian AI National Strategy (“EBIA”).

Therefore, in order to structure the project, the ANPD has gathered several examples of sandbox programs being developed by other Data Protection Authorities (“DPAs”) around the world, such as the United Kingdom’s Information Commissioner’s Office (“ICO”); Singapore’s Personal Data Protection Commissioner (“PDPC”); Colombia’s Superintendencia de Industria y Comercio (“SIC”); Norway’s Datatilsynet; and France’s Commission Nationale de l’Informatique et des Libertés (“CNIL”).

According to the ANPD, the sandbox project is expected to span 18 to 24 months, starting from the call for proposals and ending with the publication of the final reports and outcomes. Currently, the program is at the stage of evaluating the 71 contributions received through the Call for Contributions, which allowed stakeholders to provide relevant information to help shape the sandbox’s structure. Among the contributions, 35 came from private entities or economic groups; 5 from the public sector; 10 from civil society; 6 from academia; and 15 from citizens. Furthermore, 66 originated from Brazil and 5 came from abroad.

In conclusion, the ANPD's regulatory sandbox pilot program, which was mentioned in the Artificial Intelligence Governance Report, published by the World Economic Forum, as an exemplary initiative, could become an important regulatory tool for emerging technologies by balancing the promotion of innovation and the protection of fundamental rights, such as privacy and data protection, and by bringing good visibility to the practical effects of a regulation aimed at AI.


Article provided by INPLP member: Fábio Lacaz (ALV Advogados, Brazil)


