The topics of information security, privacy, and data protection for children and adolescents were the subject of other articles I published here less than a year ago. Education and privacy MUST go hand in hand. e ECA Digital: what's new, after all?
At the end of last year, the National Data Protection Agency (ANPD) published the Map of Priority Themes for oversight in 2026-2027 and an update to the 2025-2026 Regulatory Agenda. The Agency publicized how it will develop oversight activities to ensure compliance with the Digital Statute for Children and Adolescents (ECA Digital) by society, in addition to the General Data Protection Law (LGPD).
For those who have spent the last few months believing that talking about protecting children's data in the digital world was just a commotion after the impactful statements of influencer Felca, I have news: the subject will continue to be relevant in 2026, and that's a good thing.
Coordinated action
With the ANPD's designation in September 2025 as the central authority for overseeing the Digital Statute of Children and Adolescents (ECA Digital), the Regulatory Agenda for the 2025-2026 biennium introduced three new topics related to the legislation in question: age verification mechanisms; suppliers of information technology products or services; and the oversight and enforcement of the Digital Statute of Children and Adolescents. To establish these topics, the ANPD relied on information provided by the public, including data from inspections, incident reports, and requests collected by the regulatory body over the previous two years.
The icing on the cake was added more recently with the historic decision recognizing mutual adequacy between Brazil and the European Union regarding the protection of personal data. In a coordinated action, the two blocs unilaterally decided that both offer equivalent protection in the processing of data and compliance with the LGPD (Brazilian General Data Protection Law) and the GDPR (General Data Protection Regulation).
Every right brings with it a duty – or several.
It has become easier, less bureaucratic, and less expensive to transfer personal data between Brazil and EU member countries, which will likely bring development to companies that carry out cross-border operations, such as those operating in the financial sector and technology startups.
However, Brazilian companies still have homework to do in strict compliance with other regulations that affect their businesses, such as compliance with the Digital Statute of Children and Adolescents (ECA Digital).
The nations that make up the European bloc have been demanding that platforms like TikTok, Instagram, and X protect minors, aligning with Law 15.211/2025, especially regarding its scope of application to information technology products or services likely to be accessed by children and adolescents, and not only those directed at them.
Therefore, there will be no "free lunch" when it comes to the decision on compliance between us and the members of the European community: Brazil is joining the world's largest network for secure data transfer, but let us remember that this achievement brings with it great responsibilities.
