Privacy legislation in South American countries goes back to the predecessor of the GDPR, the European Data Protection Directive of 1995. It was at that time that several countries passed privacy legislation aligning themselves with the EU directive. Since that time, and following the introduction of the GDPR, most South American countries have followed suit in updating their own privacy laws to align with the GDPR.

Leading the effort was Brazil with the passage of the Lei Geral de Proteção de Dados (LGPD), legislation based on the GDPR. It reflected the government's desire to closely align with the European Union and facilitate cross-border transfers between the block and Brazil.

We will examine the three largest economies in South America: Brazil, Argentina, and Colombia.

Brazil

Prior to Brazil's introduction in 2018 of their version of the GDPR, the Lei Geral de Proteção de Dados (LGPD), privacy in Brazil was regulated via 40 or more, and often at odds, laws. The LGDP, taking effect on August 15, 2020, unifies all these laws and aligns the country's privacy legislation with the GDPR.