1. Email Marketing

Email marketing regulations for Brazil [2023]

The Lei Geral de Proteção de Dados Pessoais (LGPD), Brazil’s General Data Protection Law, came into effect in September 2020, after several delays caused by the Coronavirus pandemic. This legislation aims to protect the privacy and rights of individuals by regulating the collection and processing of personal data. 

In this blog, we’ll explore the key aspects of LGPD and the email marketing regulations involved. This will help to ensure you understand your responsibilities and can comply with the law without issues. 

The LGPD and its role in email marketing

In Brazil, email marketers need to ensure that all emails sent out include:

  • The sender’s name
  • Contact information for the organisation
  • A clear and accessible way to opt-out or unsubscribe.


As with every other country implementing data protection around email marketing, consent is critically important and under LGPD. Unsolicited communications have to be based on one of two legal grounds: consent or legitimate interest. 

💡 Consent relates to having prior consent from the recipient that they’re happy to receive communications and that the purpose of data processing has been clearly stated to the subscriber. They must also have an option to withdraw their consent at any time.

Legitimate interest is less clear-cut. The law is currently unable to provide clear guidance on what constitutes legitimate interest, so it’s advisable to check the National Authority on Data Protection before using this as the legal basis for your email marketing activities. 

Exceptions and additional requirements

The LGPD establishes fundamental rules for data protection, but there are some other considerations that businesses need to take into account – notably, the Email Marketing Self-Regulation Code (CAPEM).

The CAPEM code is a voluntary initiative that protects internet users, providing guidelines for marketers such as including opt-out link in every email they send out. It’s not legally binding, but it does show a commitment from organisations where responsible email marketing practices are concerned. 

The LGPD also allows for a soft opt-in approach in some cases, if businesses can prove there’s an existing commercial or social interest. What this means is if there’s a legitimate interest between the sender and the recipient, emails can legally be sent without explicit consent. But as mentioned previously, the lines are blurred where this rule is concerned and organisations should exercise caution before using this as their legal basis. 


Non-compliance with LGPD can result in the following sanctions: a warning, a simple fine or a daily fine.

In case of non-compliance with email marketing regulations, the responsible party may receive a warning which indicates the need to adopt corrective measures within a specified period. Simple fines may be issued to private legal entities, groups or conglomerates, who could face a fine of up to 2% of their revenue, based on the previous financial year’s revenue (excluding taxes). The maximum fine per infraction if 50 million BRL. 

In addition to a simple fine, if entities are found to be non-compliant, they could also be subject to a daily fine which is also capped at the maximum of 50 million BRL. 

In conclusion

With the implementation of LGPD, businesses must prioritise compliance with data protection regulations when conducting email marketing campaigns in Brazil. Adhering to the requirements, obtaining proper consent and respecting recipients’ rights is crucial to protecting businesses from hefty fines and penalties.

Comments to: Email marketing regulations for Brazil [2023]

Your email address will not be published. Required fields are marked *

All the tools you need to grow, up to 70% less cost

Get started for free with up to 2,500 subscribers and 10,000 emails per month, or upgrade to Pro from $9 per month. Cancel anytime.