AI regulation is still under construction in Brazil

Brazil faces a complex scenario of artificial intelligence regulation in 2024. Unlike the European Union, which approved the AI Law in 2023, the country is still debating solid legal frameworks to govern the technology.

The General Data Protection Law (LGPD), in force since 2020, offers an initial basis, but does not specifically address the unique risks of AI. Bill 2338/2023, which seeks to regulate AI, remains in progress in the National Congress. This gap leaves companies and developers in a gray zone, where ethical decisions often prevail over formalized legal obligations.

Experts warn that the delay in approving a Brazilian regulatory framework puts the country at a competitive disadvantage against technological powers that already have clear guidelines.

Data privacy and user consent

One of the biggest ethical challenges involves the use of personal data in training AI models. Companies collect massive amounts of information to feed algorithms, often without explicit consent from users.

LGPD requires prior consent for data collection and processing, but application in AI contexts is not as objective. Social networks, health applications and e-commerce platforms use data to train recommendation and behavior prediction systems. Many users are completely unaware of this secondary use of their information.

Another critical point: biometric and location data can be processed by AI to create invasive profiles. In 2024, data leakage cases that feed unauthorized AI models grow, generating significant fines under the LGPD.

Copyright & intellectual property

Generative AI has brought unprecedented dilemmas.Tools like ChatGPT and DALL-E have been trained with billions of texts and images from the internet, including copyrighted works.In Brazil, several creators and publishers question whether there is copyright infringement in this process.

In 2024, lawsuits in other countries already discuss whether the reproduction of protected content for AI training constitutes fair use or infringement. Brazil still does not have consolidated jurisprudence on this topic. The absence of clear guidelines harms artists, writers and photographers who see their works feeding machines without compensation.

The question also affects the ownership of AI-generated works. If a model was trained with protected works, who owns the exit rights?The user who provided the prompt?The company that developed the AI?

Algorithmic bias and discrimination

AI algorithms reflect the biases present in the data used to train them. In Brazil, this poses a serious risk in critical sectors such as credit granting, contracting and justice.

Studies show that AI systems for evaluating candidates can discriminate against women and blacks.A bank that uses AI for credit risk analysis can systematically deny funding to minority groups, perpetuating historical inequalities.

In 2024, organizations begin implementing bias audits on AI models, but there is no formal legal obligation. The lack of algorithmic transparency exacerbates the problem: companies do not disclose how their systems make decisions, making it impossible for people targeted by discrimination to prove harm.

Transparency and explainability of AI

People have a right to understand why an AI has made a decision about them. A credit denial, job interview disapproval or account lockout require clear and justified explanations. The GDPR provides for the right to explanation of automated decisions, but companies still encounter technical and commercial difficulties in implementing it.

The practical challenge is real: deep neural networks work like black boxes.Not even developers can fully explain why the model came to a specific conclusion.How to comply with legal obligation when the technology does not allow full transparency?

Generative models like GPT present another problem: hallucinations, that is, confident but completely false responses.In critical scenarios like medicine and law, this ethical flaw is unacceptable, but it lacks clear regulation of liability when AI makes serious mistakes.

Civil and criminal liability

When an AI causes damage, who is responsible? The developer? The company that deployed it? The user who provided input data?In 2024, Brazilian law still does not have clear answers.

If a customer support chatbot provides incorrect medical information that harms someone, there may be civil liability. However, determining blame among multiple actors is complex. The lack of specific legal frameworks creates legal uncertainty for companies and makes it difficult for victims to obtain compensation.

The criminal question is even more nebulous. Can one prosecute an AI for violating privacy or committing fraud? The current answer is no AI is not subject to law. But who criminally responds 'PROgrammer, project manager, board? Brazilian criminal law has not yet adapted crime categories to this technological scenario.

Recommendations for the market in 2024

While awaiting robust federal regulation, Brazil can adopt good practices. Companies should: conduct independent bias audits on AI models; fully document datasets and training processes; obtain explicit consent for AI data use; implement explainability mechanisms; establish clear accountability policies internally.

Regulatory bodies such as ANPD (National Data Protection Authority) already make punctual inspections under the LGPD. Responsible governance in AI is not only ethics OR is also a strategy for mitigating legal risks in a still poorly regulated environment.