PERSONAL DATA PROTECTION IN THE DIGITAL AGE: A COMPARATIVE STUDY BETWEEN BRAZIL’S LGPD AND THE EUROPEAN GDPR

Abstract

This paper analyzes how - and to what extent - Brazil’s General Data Protection Law (LGPD) and the European Union’s General Data Protection Regulation (GDPR) safeguard personal data subjects. It assesses compliance costs and enforcement barriers within the landscape of “surveillance capitalism”, comparing the statutes’ legal bases, data‑subject rights, organizational obligations, and sanctions. A qualitative methodology grounded in bibliographic and documentary review reveals that the GDPR benefits from greater regulatory maturity and consistent oversight, whereas the LGPD still contends with institutional strengthening of Brazil’s National Data Protection Authority (ANPD) and the spread of a robust compliance culture. The study underscores the need for normative harmonization and incentives for responsible innovation to achieve effective personal data protection without hindering technological development. It concludes that supplementary regulations, sustained enforcement, and strong data‑governance practices are essential to overcome current limitations and keep pace with evolving digital technologies.