Legal Basis GuideArticles 7 and 11

Brazil LGPD Lawful Bases

Select the basis by purpose, necessity, and risk, not by convenience.

The lawful basis decision affects notices, rights logic, retention, incident analysis, transfer statements, and sanctions exposure.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

Article 7 contains the legal bases for ordinary personal data, while Article 11 does the same for sensitive personal data. The ANPD legitimate interest guide published in February 2024 adds a practical test for purpose, necessity, balancing, and safeguards, and also warns that legitimate interest is not available for sensitive personal data.

Section 1

Start with purpose and data type before choosing the basis

Basis selection starts with the processing purpose and the nature of the data. If the processing involves sensitive personal data, the controller needs to move to Article 11, not Article 7.

The same use case can change basis if the purpose changes. That is why the lawful basis register needs version control and review after product, HR, analytics, or vendor changes.

  • Write the purpose in concrete business and user terms
  • Classify whether the data includes sensitive personal data
  • Record why alternative bases were rejected
Section 2

Use consent with the actual Article 8 requirements

Where consent is the basis, Article 8 requires written or otherwise provable manifestation of will, and if it is written it must appear in a clause highlighted from the rest of the contract. Generic authorizations are null.

Consent can be revoked at any time by a free and easy procedure, and the controller bears the burden of proving that consent was obtained lawfully.

  • Capture consent by specific purpose and keep proof
  • Make withdrawal free and easy to use
  • Update notices and downstream sharing records when consent terms change
Section 3

Run legitimate interest with the ANPD balancing model

The ANPD legitimate interest guide treats legitimate interest as a structured analysis, not as a fallback basis. The guide organizes the test around purpose, necessity, balancing, and safeguards.

The same guide confirms that legitimate interest is not a basis for sensitive personal data because it appears only in Article 7 and not in Article 11.

  • Define the legitimate interest in concrete and non-speculative terms
  • Test whether a less intrusive means could achieve the same purpose
  • Document balancing, safeguards, and the final decision in a retained record
Section 4

Handle children and adolescents with the best-interest rule

Article 14 requires processing of children and adolescents data to be in their best interest. Article 14 paragraph 1 specifically requires highlighted consent from at least one parent or legal guardian for children data, but ANPD Statement No. 1 of 2023 clarifies that the treatment of children and adolescents data may also rely on the legal bases in Articles 7 or 11 when the best interest requirement is observed in the concrete case.

That means teams should not assume a single automatic basis for every youth-facing product flow. They should, however, expect stricter documentation and safeguards.

  • Assess best interest explicitly in every children or adolescents use case
  • Use child consent when that is the most appropriate basis and meet the highlighted-consent rule
  • Escalate uses of legitimate interest or other flexible bases for legal review and stronger safeguards
Recommended next step

Use Brazil LGPD Lawful Bases as a cited research workflow

Research Copilot can take Brazil LGPD Lawful Bases from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on Brazil LGPD can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for Brazil LGPD Lawful Bases

Start from Brazil LGPD Lawful Bases and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through Brazil LGPD

Review your current process, evidence gaps, and next steps for Brazil LGPD Lawful Bases.

Explore next step
Primary sources

References and citations

ANPD home page
gov.br
Referenced sections
  • Official ANPD portal for the February 2024 legitimate interest guidance and related materials.
ANPD Statement No. 1/2023
in.gov.br
Referenced sections
  • Official ANPD interpretation on legal bases for children and adolescents data.
Related guides

Explore more topics

ANPD Enforcement and Fines | Brazil LGPD Inspection, Procedure, and Sanctions
Grounded ANPD enforcement guide covering inspection procedure, sanctions progression, Article 52 factors, Resolution CD ANPD No.
Brazil LGPD Applicability Test | Article 3 Scope, Article 4 Exclusions, Roles
Grounded Brazil LGPD applicability test covering Article 3 territorial reach, Article 4 exclusions, controller versus operator allocation.
Brazil LGPD Checklist | Scope, Rights, Incidents, Transfers, Evidence
Audit-ready Brazil LGPD checklist covering scope, role allocation, lawful bases, rights timing, DPO disclosure, security, incident reporting.
Brazil LGPD Compliance Program Guide
Build a grounded Brazil LGPD compliance program around scope, lawful bases, rights, records, incident reporting, transfers, DPO, and ANPD-ready evidence.
Brazil LGPD Data Subject Rights | Articles 18 to 20 and 15 Day Access Rule
Grounded Brazil LGPD rights guide covering Articles 18 to 20, free requests, immediate simplified confirmation, full access declaration within 15 days.
Brazil LGPD Deadlines and Compliance Calendar
Brazil LGPD compliance calendar covering key legal and ANPD milestones plus recurring duties for rights, incidents, transfers, training.
Brazil LGPD DSAR Response Template | Immediate and 15 Day Response Logic
Use a Brazil LGPD DSAR response template aligned to Articles 18 and 19, immediate simplified response, full declaration within 15 days, denial rationale.
Brazil LGPD FAQ | Scope, Rights, Incidents, Transfers, Enforcement
Practical Brazil LGPD FAQ answering common scope, lawful basis, rights, incident, transfer, DPO, and enforcement questions using the law and ANPD guidance.
Brazil LGPD Incident Reporting and Breach Notification
Grounded Brazil LGPD incident reporting guide covering Article 48, ANPD Resolution CD ANPD No.
Brazil LGPD International Transfers | Articles 33 to 35 and ANPD Transfer Mechanisms
Grounded Brazil LGPD transfer guide covering Articles 33 to 35, adequacy, ANPD standard contractual clauses, specific clauses, binding corporate rules.
Brazil LGPD Penalties and Fines | Article 52 and ANPD Dosimetry
Grounded Brazil LGPD penalties guide covering Article 52 sanctions, 2 percent fine cap, R$50 million limit per infraction, publicization, blocking, deletion.
Brazil LGPD Requirements | Articles, Controls, Evidence, and ANPD Guidance
Operational Brazil LGPD requirements map covering scope, lawful bases, transparency, rights, records, DPO, security, incidents, transfers.
Brazil LGPD Templates | DSAR, Incident, Basis, Transfer, Governance
Practical Brazil LGPD template library priorities covering DSAR responses, incident communications, lawful basis records, transfer assessments.
Brazil LGPD vs CCPA and CPRA | Structure, Rights, Enforcement, and Reuse
Grounded comparison of Brazil LGPD and CCPA or CPRA covering scope logic, legal basis model, rights timing, cross-border governance, and reusable controls.
Brazil LGPD vs GDPR | Similarities, Differences, and Control Reuse
Grounded comparison of Brazil LGPD and GDPR covering scope, lawful bases, rights timing, DPO rules, transfer mechanisms, incident reporting.