The following are subject to the law:
- Handling of personal data collected in Brazil and
- Handling of data involving the offer of goods or services to people who are in Brazil, - whether free of charge or for a fee -, and regardless of the country in which the data processing takes place.
The following are exempt from the law:
- Handling of personal data carried out for private and non-economic purposes;
- Data that is exclusively journalistic, artistic, or academic;
- Data exclusively related to public security, national defense, state security or the investigation and prosecution of criminal offenses, and
- Data that has no contact with Brazil in the entire processing chain.