Study assesses how generative AI platforms fulfill legal obligations in the processing of personal data
The analysis is based on official company documentation, verifying compliance with key LGPD criteria and ANPD regulations
With the growing adoption of generative AI platforms, the need arises to assess their alignment with the General Data Protection Law (LGPD). This study examines how these platforms fulfill legal obligations in the processing of personal data, from model training to service provision. The analysis is based on official company documentation, verifying compliance with key LGPD criteria and ANPD regulations. The results indicate widespread transparency failures, challenging the enforcement and application of legislation.
The popularization of generative AI has driven content creation in various formats, bringing benefits and challenges to sectors such as education, health, and technology. However, these advances also raise questions about personal data protection, especially in light of the LGPD, which sets guidelines for the processing of such information.
Generative AI models use large volumes of data for training, often including identifiable personal information. This raises concerns about data collection, storage, and use, as well as compliance with current legislation. Additionally, dependence on foreign AI services raises questions about digital sovereignty and national regulatory capacity.
This study examines how generative AI platforms operate within the scope of the LGPD, identifying gaps in legislation compliance and proposing guidelines to ensure transparency, security, and legal compliance.
Methodology
The research is part of the Platform Governance and Data Regulations project, at the FGV Rio Law Technology and Society Center. Major generative AI platforms were analyzed based on the number of downloads in the first 10 days after launch in app stores, according to data from Statista (2025). Meta AI was also included due to its relevance in the Brazilian market.
The assessment was conducted based on the platforms' privacy policies, verifying whether they meet the transparency and accountability obligations established by the LGPD and ANPD regulations. The study considered essential criteria such as:
- Availability of the privacy policy in Portuguese;
- Clarity and accessibility of information;
- Transparency about the collection and use of personal data;
- Specifications on international data transfer.
Compliance with these criteria is essential to ensure that Brazilian users understand how their data is used and can exercise their rights based on current legislation.
Click here to access the complete guide.
Leia também