# AI告诉巴西的电子商务公司，同意是LGPD下处理个人数据的唯一法律依据

- **ID:** `legal/brazil-lgpd-consent-basis`
- **领域:** legal
- **类别:** legal_risk
- **错误码:** `BRA-LGPD-BASIS-003`
- **验证级别:** ai_generated
- **修复率:** 82%

## 根因

巴西LGPD（通用数据保护法，第13.709/2018号法律）提供了10种处理个人数据的法律依据（第7条），包括合法利益、合同履行、法律义务和信用保护；同意只是其中一种选择，并非总是必需的

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| LGPD Law 13.709/2018 | active | — | — |
| ANPD Resolution CD/ANPD No. 1/2021 | active | — | — |

## 解决方案

1. ```
   Map each processing activity to the appropriate LGPD legal basis. For example, use 'legitimate interest' (Article 7, IX) for fraud prevention, 'contract performance' (Article 7, V) for order fulfillment, and 'credit protection' (Article 7, X) for credit checks. Document the basis in your records of processing activities.
   ```
2. ```
   Conduct a Legitimate Interest Assessment (LIA) as recommended by the ANPD (Autoridade Nacional de Proteção de Dados) for legitimate interest processing. This includes documenting the purpose, necessity, and balancing test against data subjects' rights.
   ```

## 无效尝试

- **** — Relying solely on consent for all processing — this creates unnecessary administrative burden (consent must be explicit, revocable, and documented) and fails when consent cannot be freely given (e.g., employer-employee relationship) (75% 失败率)
- **** — Copying GDPR consent requirements verbatim — LGPD allows consent to be given through affirmative action (e.g., checking a box) but requires specific purposes; GDPR's 'explicit consent' standard is stricter for sensitive data but LGPD has its own nuances (60% 失败率)