LGPD Legal Research: Recording Consent & Privacy Rules in Brazil — Comprehensive Report
Research date: 2026-04-04 | Agent: Deep Research | Confidence: High | Supersedes: 2026-03-29 initial regulatory analysis (narrower scope)
Executive Summary
GO — with conditions.
Prontua’s model of ambient recording in veterinary (and potentially medical) consultations to generate AI clinical summaries is legally viable under Brazilian law. The hypothesis that “recording can be done without written consent if data is used solely for summary generation” is partially validated but practically irrelevant — while Brazilian law technically permits one-party recording without the other party’s consent, LGPD’s data protection requirements independently mandate explicit informed consent for processing health-related sensitive data. The right question is not “can we record without consent?” but “what’s the minimum viable consent that’s legally defensible?”
Key Findings
- One-party recording is legal — STF RE 583.937 (binding precedent): a conversation participant may record without the other’s knowledge. Art. 8-A, Lei 9.296/96 codified this.
- But LGPD overrides on data processing — Audio of consultations = dados sensíveis (Art. 11). Requires explicit consent (Art. 11, I) regardless of whether the recording act itself is legal.
- Written consent is NOT required — LGPD Art. 8 accepts “any means that demonstrates the data subject’s will.” Digital checkbox, recorded verbal confirmation, or in-app acknowledgment all suffice.
- Veterinary is less regulated — No CFMV prohibition on recording. CFMV 1.465/2022 actually encourages recording in telemedicine. The vet sector is 2-3 years behind human medicine in regulatory scrutiny.
- Competitors already operate — Vocis, Voa Health, DoctorFlow, and Noa Notes (Doctoralia) are live in Brazil with ambient AI scribing. Vocis uses per-consultation consent prompts and audio non-retention as differentiators.
- ANPD enforcement is materializing — ANPD became a full agency (Feb 2026), has health data as a 2025-2026 priority, and signed a joint supervision agreement with ANS. First private health-tech fine likely in 2026.
Recommendation
Implement a lightweight per-consultation consent flow (digital acknowledgment before recording starts) + audio non-retention policy (delete audio after summary confirmation). This provides maximum legal protection with minimum UX friction, and positions Prontua ahead of competitors on compliance.
Formal legal counsel before launch: YES, recommended — specifically for drafting the privacy policy, consent terms, and DPA with AI providers. Budget: R$5-15K for a specialized data protection attorney.
1. LGPD Requirements for Audio Recording
1.1 Data Classification
Audio recordings of consultations are sensitive personal data (dados sensíveis) under LGPD Art. 5, II. They capture:
| Data Type | LGPD Classification | Why |
|---|---|---|
| Raw audio (voices) | Sensitive — biometric characteristics | Voice is inherently biometric; conservative treatment recommended |
| Clinical content discussed | Sensitive — health data | Health conditions, diagnoses, treatments |
| Tutor identity (name, context) | Personal data | Identifiable natural person |
| Incidental tutor health mentions | Sensitive — health data | Tutors may mention own conditions |
| Veterinarian identity | Personal data | Professional, identifiable |
Bottom line: The entire recording must be treated under Art. 11’s stricter regime, not Art. 7’s general regime.
1.2 Legal Basis — Art. 11 (Sensitive Data)
Art. 11 provides a closed list of legal bases. For Prontua:
| Basis | Applicable? | Notes |
|---|---|---|
| Art. 11, I — Explicit consent | YES (primary) | Must be specific, informed, highlighted, freely given |
| Art. 11, II, f — Health protection | Potentially (secondary) | Narrowly construed; requires qualified health professional performing the procedure |
| Art. 7, IX — Legitimate interest | NO | Explicitly unavailable for sensitive data per ANPD guidance |
| Art. 7, V — Contract performance | NO | Not in Art. 11’s closed list |
Recommendation: Use explicit consent (Art. 11, I) as primary basis. Cite Art. 11, II, f as supporting basis for the clinical-necessity dimension. Do not rely on legitimate interest.
1.3 Consent Requirements (Art. 8)
LGPD does not require written consent. Art. 8 accepts consent “provided in writing or by another means that demonstrates the data subject’s will.”
Valid consent mechanisms:
- Digital checkbox/button in app (recommended)
- Recorded verbal confirmation
- Electronic signature
- In-app acknowledgment screen
Requirements for valid consent:
- Freely given — no coercion, no penalty for refusal
- Specific — must name the exact purpose (recording for AI summary generation)
- Informed — tutor must understand what is collected and how it’s used
- Highlighted — if in a broader document, consent for sensitive data must be visually separated
- Not generic — “I authorize data processing” is void
- Revocable — at any time, at no cost, with immediate effect (Art. 8, §5)
Burden of proof is on the controller (Art. 8, §2) — verbal consent alone without recording is risky because it’s hard to prove.
1.4 Purpose Limitation (Art. 6, I)
The stated purpose must be specific: “Recording of consultation audio exclusively for generating an automated clinical summary.”
The audio CANNOT be used for:
- AI model training (without separate explicit consent)
- Analytics/business intelligence
- Sharing with third parties
- Marketing or benchmarking
Art. 11, §4 prohibition: Communication or shared use of sensitive health data between controllers for economic advantage is explicitly prohibited.
AI API providers (OpenAI, Anthropic, etc.) as processors: allowed under DPA, provided the processor contractually commits to NOT training on the data.
1.5 Data Retention
| Data | Retention Rule | Legal Basis |
|---|---|---|
| Raw audio | Delete after summary confirmed | Art. 6, III (necessity principle) |
| Clinical summary (prontuário) | 5 years minimum (vet) / 20 years (human medicine) | CFMV Res. 1.653/2025 / CFM Res. 1.821/2007 |
| Consent records | Duration of relationship + legal retention period | Art. 8, §2 (burden of proof) |
The audio is NOT the clinical record. The generated summary is. Audio should be deleted promptly — hours to days maximum.
1.6 Data Subject Rights (Art. 18)
All rights must be exercisable at no charge, within 15 days:
- Confirmation and access to data
- Correction of inaccurate data
- Deletion of consent-based data (when consent revoked)
- Portability to another provider
- Information on who data was shared with
- Revocation of consent (immediate effect)
Exception: Deletion cannot be demanded for the clinical summary during mandatory retention period (Art. 16, I).
2. Brazilian Medical & Veterinary Regulation
2.1 Criminal Law — One-Party Consent
Brazilian law distinguishes three recording modalities:
| Type | Definition | Legal Status |
|---|---|---|
| Gravação ambiental | Conversation participant records | Lawful without judicial order (STF RE 583.937) |
| Escuta ambiental | Third party records with one participant’s knowledge | Legally ambiguous |
| Interceptação ambiental | Third party records without anyone’s knowledge | Requires judicial order |
Art. 8-A, Lei 9.296/96 (Pacote Anticrime, 2019): Explicitly codified that “there is no crime if the capture is performed by one of the interlocutors.”
Critical for Prontua: The veterinarian must actively initiate/control the recording device. This preserves the “participant recorder” legal status. A device recording without any participant’s active involvement slides toward “interceptação” — a materially different and riskier category.
2.2 CFM — Human Medicine
CFM Despacho Sejur 386/2016:
- Patient recording of their own consultation is legally tolerated
- Physician-initiated recording requires patient consent
- Physician may refuse to continue consultation if being recorded (Art. 33, Código de Ética Médica)
CFM Resolução 2.314/2022 (Telemedicine):
- Recording not mandatory, even in telemedicine
- If stored, requires patient consent and integration into SRES (electronic health record)
- Consent may be digital or recorded verbal confirmation
2.3 CFMV — Veterinary Medicine
Significantly less regulated than human medicine.
CFMV Resolução 1.465/2022 (Veterinary Telemedicine):
- Platforms should “preferably record the entire conversation” — actually encourages recording
- Professional responsible for data storage per applicable law
- No specific prohibition on in-person recording
- No CFMV equivalent to CFM’s physician right-to-refuse-if-recorded
No CFMV resolution addresses ambient/in-person recording in veterinary clinics. This regulatory gap is favorable for Prontua.
2.4 Key Legal Precedents
| Case | Holding | Relevance |
|---|---|---|
| STF RE 583.937 (Tema 237, 2009) | Participant recording is lawful without judicial authorization | Binding precedent with general repercussion |
| STJ, 5ª Turma, Feb 2024 | Clandestine recording valid if protecting superior right | Reinforces participant recording legality |
| STJ, 2023 | Recording WITH police/prosecution assistance requires judicial order | Distinguishes third-party-assisted from participant recording |
3. Hypothesis Validation
Hypothesis: “Recording can be done without written consent if data is used solely for summary generation.”
Verdict: PARTIALLY TRUE, BUT PRACTICALLY IRRELEVANT
True aspects:
- The recording act itself is legal under one-party consent (STF RE 583.937)
- LGPD does not require written consent — digital/verbal mechanisms are valid (Art. 8)
- Purpose limitation to summary generation strengthens the legal position
False/misleading aspects:
- “Without consent” is incorrect — LGPD Art. 11 requires explicit consent for sensitive data processing, regardless of the recording act’s legality
- The consent doesn’t need to be written, but it must be demonstrable (burden of proof on controller)
- “Only for summary” is necessary but not sufficient — you still need consent
Practical conclusion: You need consent. It doesn’t need to be a paper form. A digital acknowledgment in the app before each recording session is sufficient, defensible, and what competitors already do.
4. Competitive Landscape
4.1 Brazilian AI Ambient Scribe Startups
| Company | Model | Consent UX | Audio Retention | Funding/Scale |
|---|---|---|---|---|
| Vocis | EMR + ambient scribe | Per-consultation prompt | Never stored — privacy by design | Launched, active |
| Voa Health | Ambient scribe + docs | Not publicly detailed | Not disclosed | $3M (Prosus), 20K registered MDs |
| DoctorFlow | Recorder + transcription | Doctor-initiated, patient informed | Physician controls | Active |
| Noa Notes (Doctoralia) | Note gen inside Doctoralia | Existing teleconsult consent | Inherited | 140K+ physicians via Doctoralia |
| Scriba | AI EMR + hospital integration | Not documented | Not documented | Active |
4.2 Telemedicine Platforms
| Platform | Recording Policy | Consent Model |
|---|---|---|
| iClinic | Video+audio stored in EMR, SSL 256-bit | Digital consent term pre-session |
| Docway | Recorded, 30-day retention | ToS at signup + checkbox |
| Conexa Saúde | Prohibited by default | Enterprise-specific opt-in |
4.3 International Players
Not active in Brazil. Nuance DAX, Abridge, and Nabla have no Portuguese-language product or Brazil-specific GTM. Regulatory complexity (CFM, LGPD, Portuguese-only flows) creates a 2-3 year moat for local startups.
4.4 Veterinary AI Scribing
No Brazilian vet platform does AI ambient scribing yet. This is uncontested whitespace. Multiple startups (InIA.Pet, ConnectVets Notes, Vet Smart/Petlove) have announced AI features but are earlier stage. Prontua has first-mover advantage in vet ambient scribing.
4.5 Consent UX Patterns in Market
| Pattern | Who Uses It | Compliance Level |
|---|---|---|
| Per-consultation consent prompt | Vocis | Highest |
| Digital consent term pre-session | iClinic, Doctoralia | High |
| ToS acceptance covers recording | Conexa, Docway | Medium (less LGPD-safe for sensitive data) |
| Verbal acknowledgment only | Some practices | Low (proof problem) |
5. Recommended Consent UX Flow
5.1 First-Time Setup (Per Tutor)
- Onboarding screen in app/device setup:
  - Clear explanation: “This device records consultations to generate clinical summaries using AI”
  - What’s recorded: audio of the consultation
  - What’s NOT stored: raw audio is deleted after summary generation
  - Who processes: [AI provider name] as data processor under DPA
  - Rights: access, deletion, portability, revocation at any time
- Explicit consent toggle — not pre-checked, requires affirmative action
- Consent record stored with timestamp for audit trail
5.2 Per-Consultation Flow
- Brief reminder before recording starts:
  - Visual indicator on device (LED) + brief verbal or screen prompt
  - “Recording will begin for clinical summary. OK to proceed?”
  - One-tap confirm or verbal “yes”
- Recording indicator visible throughout consultation (LED, screen icon)
- Easy stop — tutor or vet can stop recording at any time
5.3 Post-Consultation
- Clinician reviews AI-generated summary
- Summary confirmed → audio auto-deleted
- Summary becomes part of prontuário (5-year retention for vet)
- Tutor can request copy of summary or deletion (within legal limits)
5.4 Revocation Flow
- Tutor requests revocation via app/email/verbal
- Future recordings stopped immediately
- Past audio already deleted (non-retention policy)
- Past summaries retained only if legally required (prontuário retention)
- Confirmation sent to tutor
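A sketch of how the flow in 5.1 to 5.4 can be enforced in code, added here as an illustration and not taken from Prontua's code base: recording is gated on a standing grant plus a per-consultation confirmation, audio is dropped when the summary is confirmed, and every event lands in a hash-chained log so the audit trail is tamper-evident. All class, function and field names, the purpose string and the sample values are assumptions.

```python
import hashlib, json
from datetime import datetime, timezone

# Purpose string is an assumption, shortened from the wording in section 1.4.
PURPOSE = "consultation audio exclusively for automated clinical summary"
def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only consent log; each event commits to the previous one's hash."""
    def __init__(self):
        self.events = []
    def record(self, tutor_id, action, purpose=PURPOSE):
        body = {"tutor_id": tutor_id, "action": action, "purpose": purpose,
                "ts": datetime.now(timezone.utc).isoformat(),
                "prev": self.events[-1]["hash"] if self.events else "0" * 64}
        self.events.append({**body, "hash": digest(body)})
    def grant(self, tutor_id, affirmative_action):
        if not affirmative_action:  # a pre-checked or defaulted toggle is not consent
            raise ValueError("consent requires an affirmative action")
        self.record(tutor_id, "grant")
    def has_consent(self, tutor_id, purpose=PURPOSE):
        # The latest grant/revoke for this tutor and this exact purpose wins.
        last = [e["action"] for e in self.events
                if (e["tutor_id"], e["purpose"]) == (tutor_id, purpose)
                and e["action"] in ("grant", "revoke")]
        return bool(last) and last[-1] == "grant"
    def verify(self):
        prev = "0" * 64
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or digest(body) != e["hash"]:
                return False  # an event was edited, removed or reordered
            prev = e["hash"]
        return True

class Consultation:
    def __init__(self, ledger, tutor_id):
        self.ledger, self.tutor_id = ledger, tutor_id
        self.audio = self.summary = None
    def start_recording(self, tapped_confirm):
        # Needs both the standing consent (5.1) and this visit's confirmation (5.2).
        if not (tapped_confirm and self.ledger.has_consent(self.tutor_id)):
            raise PermissionError("no valid consent; recording not started")
        self.ledger.record(self.tutor_id, "session_confirm")
        self.audio = b"constructed audio bytes"  # stand-in for the capture buffer
    def confirm_summary(self, text):
        self.summary = text
        self.audio = None  # real system: delete the stored object, then log it
        self.ledger.record(self.tutor_id, "audio_deleted")

def demo():
    ledger = ConsentLedger()
    ledger.grant("tutor-001", affirmative_action=True)
    visit = Consultation(ledger, "tutor-001")
    visit.start_recording(tapped_confirm=True)
    visit.confirm_summary("constructed summary text")
    ledger.record("tutor-001", "revoke")  # 5.4: later start_recording() now raises
    return ledger, visit
```

The chain only detects edits made after the fact; anchoring the latest hash somewhere the application cannot rewrite is what makes the record useful as proof under Art. 8, §2.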
6. Risk Matrix
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| ANPD enforcement action for missing consent | Medium (rising) | High — fines up to R$50M or 2% revenue | Per-consultation consent + audit trail |
| Tutor complaint to ANPD | Medium | Medium — investigation, reputational | Clear consent UX + easy rights exercise |
| CFMV ethics complaint against vet | Low | Low-Medium — CFMV has no recording prohibition | Vet initiates recording, tutor informed |
| Data breach of audio recordings | Low (if non-retention) | Very High if audio leaked | Delete audio immediately after summary — no audio = no audio breach |
| AI provider uses data for training | Medium (contractual) | High — LGPD Art. 11 violation | DPA with explicit prohibition + audit rights |
| Cross-border transfer violation | Medium | Medium-High | ANPD-compliant SCCs or data localization |
| Purpose creep (using audio for analytics) | Low (internal discipline) | High — consent invalidity | Strict purpose limitation in code + policy |
| Criminal complaint for illegal recording | Very Low | Medium | Vet-initiated recording = legal under STF RE 583.937 |
What happens if we get it wrong?
| Scenario | Consequence |
|---|---|
| No consent at all | ANPD fine (up to R$50M), cease processing order, reputational damage |
| Consent exists but poorly documented | Difficult to prove compliance; ANPD may treat as no consent |
| Audio retained beyond necessity | LGPD principle violation; increased breach exposure |
| Data shared with third party for commercial use | Art. 11, §4 violation — explicit prohibition |
| Tutor requests deletion, we don’t comply | Art. 18 violation; ANPD complaint likely |
7. Compliance Checklist — Pre-Launch
Legal Infrastructure
- Engage data protection attorney (R$5-15K) to draft:
  - Privacy Policy (Política de Privacidade)
  - Consent Terms (Termo de Consentimento)
  - DPA with AI providers
- Appoint DPO (Encarregado) — Art. 41
- Conduct and document RIPD (Data Protection Impact Assessment) — mandatory for high-risk health data processing
- Maintain processing records (Art. 37)
Technical Controls
- Per-consultation consent capture with timestamp and audit trail
- Auto-deletion of audio after summary confirmation (hours, not days)
- Encryption at rest and in transit for all personal data
- Data subject rights request channel (15-day SLA)
- DPA with AI API provider prohibiting training on data
- Access controls — only authorized clinician can view summaries
UX Requirements
- Dedicated consent screen (not buried in ToS)
- Visual recording indicator (LED or screen icon)
- Easy stop/revocation mechanism
- Clear explanation of what’s recorded and how it’s used
- Consent confirmation stored as part of consultation record
Governance
- Privacy Policy published and accessible
- Internal data handling procedures documented
- Incident response plan for data breaches
- Regular (annual) review of consent mechanisms and data practices
8. Do We Need Formal Legal Counsel Before Launch?
YES.
Reasons:
- ANPD is actively enforcing — became full agency Feb 2026, health data is 2025-2026 priority
- Competitor differentiation — “LGPD-compliant” positioning requires actual compliance, not just good intentions
- Consent terms and privacy policy need to be legally precise — boilerplate won’t survive an ANPD audit
- DPA with AI providers is a specialized document — contractual obligations around data training, retention, and breach notification
- Cost is low — R$5-15K for a specialized LGPD attorney, vs. potential R$50M fine or business-ending enforcement action
Recommended specialist profile: Attorney specializing in LGPD/data protection with health-tech experience. Look for members of IAPP (International Association of Privacy Professionals) Brazil chapter or ABPD (Associação Brasileira de Proteção de Dados).
9. Key Legal References
| Reference | What It Covers |
|---|---|
| LGPD (Lei 13.709/2018) | Full data protection framework |
| LGPD Art. 5, II | Sensitive data definition (health, biometric) |
| LGPD Art. 8 | Consent requirements and validity |
| LGPD Art. 11 | Legal bases for sensitive data processing |
| LGPD Art. 11, §4 | Prohibition on sharing health data for economic advantage |
| LGPD Art. 18 | Data subject rights |
| CF/88 Art. 5, X | Constitutional privacy rights |
| Lei 9.296/96 Art. 8-A | Participant recording legality |
| STF RE 583.937 (Tema 237) | Binding precedent: participant recording is lawful |
| CFM Despacho Sejur 386/2016 | CFM position on consultation recording |
| CFM Resolução 2.314/2022 | Telemedicine recording rules |
| CFMV Resolução 1.465/2022 | Veterinary telemedicine (encourages recording) |
| CFMV Resolução 1.653/2025 | Veterinary prontuário retention (5 years) |
| CFM Resolução 1.821/2007 | Medical prontuário retention (20 years / permanent digital) |
| ANPD Guia Legítimo Interesse | Confirms legitimate interest unavailable for sensitive data |
| Lei 15.352/2026 | ANPD becomes full regulatory agency |
Sources
LGPD & Data Protection
- LGPD Full Text (Planalto)
- Art. 11 — LGPD Brazil
- ANPD Legitimate Interest Guide
- ANPD Regulatory Agenda 2025-2026
- ANPD on Generative AI (FPF)
Medical & Veterinary Regulation
- CFM Resolução 2.314/2022 (Telemedicine)
- CFMV Resolução 1.465/2022 (Vet Telemedicine)
- CFMV Resolução 1.653/2025 (Prontuário Veterinário)
Criminal Law & Recording Precedents
- STF RE 583.937 — Gravação Ambiental
- STJ 2024 — Gravação Ambiental Clandestina
- Pacote Anticrime — Art. 8-A Lei 9.296/96
Competitive Landscape
- Vocis
- Voa Health
- DoctorFlow
- Prosus invests in Voa Health (Bloomberg Línea)
- InIA.Pet
- ConnectVets Notes