Portuguese 
English 
Spanish 
3 min of reading 
0 comments 
Proposal Presented in 2025 Promises to Redefine Limits for the Collection and Processing of Biometric Data in Public and Private Services
An important change in the field of data protection began to gain momentum in 2024, when the National Data Protection Authority (ANPD) intensified alerts about the increased use of biometric data in applications, registrations, and digital platforms. In May 2025, this movement resulted in the presentation of Bill No. 2,379/2025, a proposal created to define new rules and require alternatives for citizens in authentication processes.
Biometric Data and Protection Foreseen in the LGPD
The Law No. 13,709/2018 (LGPD) already classified biometric data as sensitive personal data, because such elements can expose privacy and cause risks when processed unnecessarily. Thus, the legislator established enhanced protection for physical, physiological, and behavioral data that allows for the precise identification of a person, as defined in Article 5, Item II, of the legislation. Therefore, any improper use can violate fundamental principles, especially the dignity of the human person, mentioned in Article 2 of the LGPD.
ARTICLE CONTINUES BELOWSee also
The new Civil Code could revolutionize marriages in Brazil with “express divorce” and changes that could exclude spouses from inheritance.
Banco do Brasil sues famous influencer for million-dollar debt and intensifies debate on delinquency, risks of seizure, and direct impact on Gkay’s credibility.
The Senate approves a bill that criminalizes misogyny, hatred, or aversion towards women, and includes the crime in the Racism Law with a penalty of up to 5 years.
Chamber Approves Bill That Allows Pepper Spray for Women Over 16 and Imposes Strict Rules for Purchase, Possession, and Use as Self-Defense
Legitimate Use of Biometric Data
Historically, banks and healthcare service providers adopted biometrics to enhance security in digital transactions. Consequently, the use of this data reduced fraud and strengthened users’ financial protection, especially since most banking operations have moved to applications. Still, the ANPD itself recognized in 2024 that even more robust structures are not exempt from incidents.
Excessive Collection Raises Institutional Concerns
With the advancement of digital technologies, applications in various fields began to require biometrics without proportional justification. Therefore, many holders started to provide sensitive data in exchange for services that do not need this layer of security. Thus, this violates principles such as purpose, necessity, and informational self-determination, because many users do not even have a real choice.
Bill 2,379/2025 Alters Rules and Creates Clear Rights
The proposal presented in May 2025 amends Article 20 of the LGPD and includes Article 20-A, establishing four essential changes:
- At least one non-biometric alternative, mandatory for any identification.
- Prohibition of restrictions on holders who refuse to provide biometric data.
- Transparency obligation, with clear and accessible information on all available options.
- Prohibition of conditioning services to the compulsory collection of sensitive data.
Thus, the Bill reinforces the need for proportionality and prevents unjustified demands.
Direct Impacts for Data Processing Agents
If approved, the Bill will require companies and agencies to review their privacy policies. Despite this, the change may reduce operational risks because less data collection represents less exposure to incidents. Additionally, experts assert that companies that avoid data without purpose strengthen their reputation, a constant concern since 2024.
Reflections Guiding the Data Market
The current discussion requires companies to question their practices:
- “Do I Really Need This Data?”
- “Can I Use Another Form of Authentication?”
- “Am I Respecting the Holder’s Autonomy?”
Regardless of approval, such reflections are already considered essential to ensure trust and compliance.
Legal Protection in Constant Evolution
The debate on the limits of biometrics follows the international trend of strengthening the protection of sensitive data. Therefore, the Bill consolidates a movement that began with the LGPD in 2018 and gained strength with alerts from the ANPD in 2024. Thus, Brazil is approaching more mature models of digital governance, ensuring that fundamental rights are respected.
And what about you, do you believe that companies really need to collect so much biometric data or should non-biometric alternatives be the norm in all services?
-
-
-
4 pessoas reagiram a isso.