---
title: "Brazil LGPD vs CCPA and CPRA"
canonical_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa"
source_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa"
author: "Sorena AI"
description: "Grounded comparison of Brazil LGPD and CCPA or CPRA covering scope logic, legal basis model, rights timing, cross-border governance, and reusable controls."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "Brazil LGPD vs CCPA"
  - "LGPD CPRA comparison"
  - "Brazil California privacy"
  - "privacy control reuse"
  - "LGPD versus CCPA"
  - "LGPD CCPA comparison"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# Brazil LGPD vs CCPA and CPRA

Grounded comparison of Brazil LGPD and CCPA or CPRA covering scope logic, legal basis model, rights timing, cross-border governance, and reusable controls.

*Comparison Guide* *Brazil and California*

## Brazil LGPD vs CCPA and CPRA

These laws protect individuals in different structural ways.

LGPD is a general privacy law built around lawful bases and ANPD oversight. CCPA and CPRA use a consumer-rights and business-threshold model with different operating assumptions.

A reusable control model is possible across Brazil and California, but only if the team respects the structural differences. The Brazil side is built around legal bases, DPO, transfer mechanisms, and ANPD procedure, while the California side emphasizes notice, opt-out, sale or share logic, and business thresholds.

## The legal architecture is different from the start

LGPD applies through territorial and collection logic under Article 3 and regulates processing broadly. CCPA and CPRA rely on business thresholds and consumer-rights architecture rather than a lawful-basis system.

That means the same inventory or retention control can be reused, but the legal explanation around it will differ.

- LGPD asks which Article 7 or 11 basis supports the purpose
- CCPA or CPRA asks whether the business meets threshold and notice or opt-out duties
- One operating control can serve both only when the legal appendix stays distinct

## Rights handling overlaps but does not align perfectly

Both regimes require intake, identity verification, search, response, and logging. LGPD then adds its own immediate or 15 day access logic and Article 20 automated-decision review route.

California request categories and response logic need their own overlay even if the same case system is reused.

- Reuse request intake tooling where possible
- Separate timing, content, and denial rules by jurisdiction
- Keep jurisdiction tags on every case record

## International transfer and vendor governance differ sharply

Brazil requires a distinct transfer mechanism analysis under Article 33 and ANPD rules. California does not create an equivalent adequacy and clause system, but it does impose contract structure and downstream vendor restrictions.

Vendor governance should therefore be shared at the control level and split at the legal language level.

- Use one vendor inventory and risk review process
- Keep Brazil transfer clauses and California service-provider logic separate
- Document which vendor terms satisfy which jurisdictional duty

## Build one privacy program with jurisdiction overlays

The efficient model is one baseline for inventory, rights tooling, security, incident management, and vendor review, plus jurisdiction-specific overlays for legal basis, opt-out logic, transfer rules, and regulator interaction.

That lets teams reuse evidence while still answering ANPD and California questions in the correct legal language.

- Centralize evidence and localize legal interpretation
- Review the overlay set whenever a law or regulator guidance changes
- Train teams on the points where reuse stops

*Recommended next step*

*Placement: after the comparison section*

## Use Brazil LGPD vs CCPA and CPRA as a cited research workflow

Research Copilot can take Brazil LGPD vs CCPA and CPRA from how this topic compares with adjacent regulations or standards to a reusable workflow inside Sorena. Teams working on Brazil LGPD can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Research Copilot for Brazil LGPD vs CCPA and CPRA](/solutions/research-copilot.md): Start from Brazil LGPD vs CCPA and CPRA and answer scope, timing, and interpretation questions with cited outputs.
- [Talk through Brazil LGPD](/contact.md): Review your current process, evidence gaps, and next steps for Brazil LGPD vs CCPA and CPRA.

## Primary sources

- [Lei No. 13.709/2018 (LGPD)](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm?ref=sorena.io) - Primary legal text for the Brazil side of the comparison.
- [ANPD guide for controllers, processors, and DPOs (May 2021)](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/2021.05.27GuiaAgentesdeTratamento_Final.pdf?ref=sorena.io) - Official ANPD guide relevant to role and governance comparison.

## Related Topic Guides

- [ANPD Enforcement and Fines | Brazil LGPD Inspection, Procedure, and Sanctions](/artifacts/latam/brazil-lgpd/anpd-enforcement-and-fines.md): Grounded ANPD enforcement guide covering inspection procedure, sanctions progression, Article 52 factors, Resolution CD ANPD No.
- [Brazil LGPD Applicability Test | Article 3 Scope, Article 4 Exclusions, Roles](/artifacts/latam/brazil-lgpd/applicability-test.md): Grounded Brazil LGPD applicability test covering Article 3 territorial reach, Article 4 exclusions, controller versus operator allocation.
- [Brazil LGPD Checklist | Scope, Rights, Incidents, Transfers, Evidence](/artifacts/latam/brazil-lgpd/checklist.md): Audit-ready Brazil LGPD checklist covering scope, role allocation, lawful bases, rights timing, DPO disclosure, security, incident reporting.
- [Brazil LGPD Compliance Program Guide](/artifacts/latam/brazil-lgpd/compliance.md): Build a grounded Brazil LGPD compliance program around scope, lawful bases, rights, records, incident reporting, transfers, DPO, and ANPD-ready evidence.
- [Brazil LGPD Data Subject Rights | Articles 18 to 20 and 15 Day Access Rule](/artifacts/latam/brazil-lgpd/data-subject-rights.md): Grounded Brazil LGPD rights guide covering Articles 18 to 20, free requests, immediate simplified confirmation, full access declaration within 15 days.
- [Brazil LGPD Deadlines and Compliance Calendar](/artifacts/latam/brazil-lgpd/deadlines-and-compliance-calendar.md): Brazil LGPD compliance calendar covering key legal and ANPD milestones plus recurring duties for rights, incidents, transfers, training.
- [Brazil LGPD DSAR Response Template | Immediate and 15 Day Response Logic](/artifacts/latam/brazil-lgpd/lgpd-dsar-response-template.md): Use a Brazil LGPD DSAR response template aligned to Articles 18 and 19, immediate simplified response, full declaration within 15 days, denial rationale.
- [Brazil LGPD FAQ | Scope, Rights, Incidents, Transfers, Enforcement](/artifacts/latam/brazil-lgpd/faq.md): Practical Brazil LGPD FAQ answering common scope, lawful basis, rights, incident, transfer, DPO, and enforcement questions using the law and ANPD guidance.
- [Brazil LGPD Incident Reporting and Breach Notification](/artifacts/latam/brazil-lgpd/breach-notification.md): Grounded Brazil LGPD incident reporting guide covering Article 48, ANPD Resolution CD ANPD No.
- [Brazil LGPD International Transfers | Articles 33 to 35 and ANPD Transfer Mechanisms](/artifacts/latam/brazil-lgpd/international-transfers.md): Grounded Brazil LGPD transfer guide covering Articles 33 to 35, adequacy, ANPD standard contractual clauses, specific clauses, binding corporate rules.
- [Brazil LGPD Lawful Bases | Article 7, Article 11, Legitimate Interest](/artifacts/latam/brazil-lgpd/lawful-bases.md): Grounded Brazil LGPD lawful basis guide covering Article 7 and 11 bases, consent rules, ANPD legitimate interest guide, sensitive data.
- [Brazil LGPD Penalties and Fines | Article 52 and ANPD Dosimetry](/artifacts/latam/brazil-lgpd/penalties-and-fines.md): Grounded Brazil LGPD penalties guide covering Article 52 sanctions, 2 percent fine cap, R$50 million limit per infraction, publicization, blocking, deletion.
- [Brazil LGPD Requirements | Articles, Controls, Evidence, and ANPD Guidance](/artifacts/latam/brazil-lgpd/requirements.md): Operational Brazil LGPD requirements map covering scope, lawful bases, transparency, rights, records, DPO, security, incidents, transfers.
- [Brazil LGPD Templates | DSAR, Incident, Basis, Transfer, Governance](/artifacts/latam/brazil-lgpd/templates.md): Practical Brazil LGPD template library priorities covering DSAR responses, incident communications, lawful basis records, transfer assessments.
- [Brazil LGPD vs GDPR | Similarities, Differences, and Control Reuse](/artifacts/latam/brazil-lgpd/lgpd-vs-gdpr.md): Grounded comparison of Brazil LGPD and GDPR covering scope, lawful bases, rights timing, DPO rules, transfer mechanisms, incident reporting.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa