Insights

Brazil’s Data Protection Authority sets guidance on age assurance under digital child protection framework

On March 20, 2026, Brazil’s Data Protection Authority issued preliminary guidance on reliable age assurance mechanisms.

The guidance aims to support companies providing digital services to children and adolescents.

The key shift is clear.

Age verification is no longer a technical feature.

It is part of regulatory compliance and data governance.

Risk and proportionality as key principles

Companies must adopt solutions proportionate to the risks associated with their services.

A risk-based approach becomes essential.

Two-layer risk assessment

Organizations must assess both the risks of the service and the risks of the age assurance mechanism itself, especially when sensitive data is involved.

Implications for companies

Failure to implement appropriate measures may lead to sanctions.

Improper implementation may create additional compliance risks.

Strategic approach

Age assurance must be integrated into governance frameworks, aligning legal, product and technology teams.

Conteúdo relacionado

Improper use of former employee image may lead to indemnification and highlights corporate governance risks

Brazil’s Data Protection Authority becomes a full regulatory agency with enforcement powers

Brazil’s Data Protection Authority formally notifies DPO in landmark enforcement action

MENU

Fale conosco
+55 (21) 99073 4906
contato@pdka.com.br