Practice areas

Where the law meets technology — and people’s lives.

The practice is organized around four complementary fronts. Each one is designed for a moment in life or in business when privacy, data protection or technology stops being theoretical.

Work for companies and organizations covers the full privacy and data protection cycle: from initial assessment to ongoing governance, including contracts, international transfers, incident response and compliance with emerging regulatory frameworks — artificial intelligence included.

Frequent areas of work

  • Assessment and compliance roadmaps for the LGPD, GDPR, Law 25 (Quebec) and other legislation
  • External Data Protection Officer (DPO) — on retainer or per project
  • Review and drafting of contracts with data processing clauses (DPAs, BCRs, standard clauses)
  • Artificial intelligence governance — alignment with the EU AI Act, the Colorado AI Act and Brazil’s Bill 2338/2023
  • Data protection impact assessments (DPIA) and AI risk assessments
  • Legal response to security incidents involving personal data, including notification to the ANPD
  • Support in audits, inspections and administrative proceedings before authorities
  • Training and internal capacity-building for legal, technology and business teams

Sectors with consolidated experience

  • Healthcare and life sciences
  • Financial services and insurance
  • Technology, SaaS and digital platforms
  • Education and childhood
  • Human resources and labor relations
  • Aviation and critical infrastructure

Work for individuals usually begins at a specific moment: discovering that something is happening with your data, an unwanted exposure on the internet, or the need to protect a public position. Every case receives individual attention, with discretion and strategy.

Frequent situations

  • Exercising data subject rights (access, rectification, portability, erasure)
  • Removing content from the internet and the right to be forgotten
  • Defense against misuse of image, personal data or sensitive information
  • Responding to incident notifications involving your own data
  • Digital reputation protection for independent professionals, executives and entrepreneurs
  • Guidance for content creators, influencers and public figures
  • Reviewing contracts and terms with a direct impact on personal privacy
  • Counsel in situations involving social networks, platforms and marketplaces

The digital exposure of children and adolescents is one of the most delicate issues of our time. Brazil’s LGPD treats minors’ data as a sensitive category, and the Child and Adolescent Statute imposes additional duties on those who process this information. The combination of these rules demands technical care and human sensitivity.

Frequent situations

  • Exposure of children’s image and data on social media — by third parties or by parents themselves
  • Disputes over the use of children’s images in separation or divorce
  • Protection of minors’ school, medical and psychological records
  • Counsel for parents of children with a public presence (athletes, artists, child influencers)
  • Data processing on platforms aimed at children and adolescents (EdTech, apps, games)
  • Responding to incidents involving minors’ data
  • Guidance for schools and educational institutions on processing student data
  • Defense in cases of cyberbullying and humiliating exposure of adolescents

Principles guiding this work

A child’s right to their own image, to privacy and to healthy development is non-negotiable. Every case is handled with absolute discretion, focus on the minor’s best interests and respect for the role of guardians.

Web3 redraws legal categories that had been settled for centuries: property, contract, intermediation, identity. Working in this field requires real technical knowledge of the infrastructure — not just the rules — and the ability to move between rapidly changing regulatory regimes in Brazil, the European Union, Canada and other jurisdictions.

Frequent areas of work

  • Legal structuring of crypto-asset operations — issuance, custody, intermediation and exchanges
  • Real-world asset (RWA) tokenization — real estate, receivables, commodities and equity interests
  • Regulatory compliance — Law 14.478/2022 in Brazil, MiCA in the European Union, provincial regimes in Canada
  • Governance of decentralized protocols (DAOs) and legal structuring of communities
  • Legal review of smart contracts and their effects in the physical world
  • The interface between Web3 and data protection — on-chain pseudonymization, the right to be forgotten on public blockchains
  • Anti-money laundering (AML) and know-your-customer (KYC) in crypto-asset operations
  • Structuring stablecoin programs, utility NFTs and governance tokens

A perspective on this frontier

Web3 is not a fad — it is an infrastructure layer that will coexist with traditional systems for decades. The legal work here is both technical and strategic: translating a new technological architecture into legal structures that protect projects, investors and users.

Contact

To start a conversation.

Serving clients throughout Brazil, with international engagements available. Every case begins with an initial conversation to understand the situation and what can be done.