Hello! Welcome!



The AI Harm Library is an initiative of the AI with Rights project, developed by Data Privacy Brasil, a non-profit civil society organization. The Library collects and systematizes concrete, public, and verifiable evidence of negative impacts caused by artificial intelligence (AI) systems, with the aim of fostering informed public debate and supporting regulatory discussions in Brazil.


This Privacy and Personal Data Protection Policy explains, in a clear and accessible manner, how personal data may be processed in the context of the website and, in particular, the case submission form.


If you have any questions or requests, or if you wish to exercise your rights under the Brazilian General Data Protection Law (LGPD), you may contact us at atendimento@dataprivacy.com.br. If you do not agree with this Policy, we kindly ask that you refrain from using the website and its features.


1. Who is responsible for the processing of personal data


Data Privacy Brasil, through the AI with Rights project and the AI Harm Library, is responsible for decisions regarding the purposes and means of processing personal data described in this Policy, acting as the data controller pursuant to Law No. 13,709/2018 (Brazilian General Data Protection Law – LGPD).


Contact channel for privacy matters and data subject rights: atendimento@dataprivacy.com.br.


2. What personal data may be processed


As a general rule, the Library adheres to the principle of necessity and seeks to process only the minimum amount of data adequate to fulfill the purposes of the project.


2.1. Website navigation


The Library does not require user registration to access its content. Nevertheless, as with any website, minimal technical logs may be automatically generated by the infrastructure; these logs are not intended to identify you.


2.2. Submission of cases


The primary instance of voluntary data processing occurs when an individual submits a case for validation and potential publication in the Library. In this context, the following data may be processed:



  • Case information: title, objective, description, topic/keywords, date reported, location, primary link and supporting links;
  • Illustrative image (public URL), when provided;
  • Observation/comment field, when completed;
  • E-mail address, if you choose to provide it (to enable contact), subject to the applicable configuration;
  • Contact preference, where the option “I accept to be contacted” or “I don't accept to be contacted” is available.


Attention: The Library does not seek to collect data such as national ID number (RG), taxpayer number (CPF), residential address, telephone number, banking data, official documents, or any unnecessary identifiers. We recommend that you do not submit this type of information.


2.3. Sensitive personal data and data relating to children/adolescents


The Library does not request sensitive personal information. However, as it addresses real cases, content referenced through public links or descriptions may incidentally contain sensitive data (information concerning health, biometric data, political opinions, race/ethnicity) or may involve children and adolescents.


In such cases, the Library will adopt proportionate measures to mitigate risks, restrict access, and prevent undue exposure, including suppression or anonymization whenever possible and consistent with the purposes of processing.


2.4. Illegal or highly sensitive content


Please do not submit or attach illegal or prohibited content (for example: intimate images, material involving sexual exploitation, or content whose dissemination violates third-party rights). If the case involves an immediate risk, please contact the competent authorities.


3. Purposes of processing and legal bases


Where personal data processing occurs, the purposes are limited to:


1. Enabling the operation and security of the website;

2. Receiving, screening, and validating submitted cases;

3. Cross-referencing sources and contextualizing information for documentation and research purposes;

4. Producing analyses and public-interest materials;

5. Responding to requests submitted through the contact channel.


The applicable legal bases may vary depending on the circumstances, including, among others:



  • Legitimate interest (LGPD, art. 7, IX), subject to safeguards and data minimization, for website security, archive management, and activities carried out in the public interest;
  • Consent (LGPD, art. 7, I), when you provide your e-mail address and authorize contact for clarification purposes;
  • Research by a research body (LGPD, art. 7, IV and, where applicable to sensitive personal data, art. 11, II, “c”), with a preference for anonymization whenever possible;
  • Regular exercise of rights (LGPD, art. 7, VI and art. 11, II, “d”), when necessary to address requests, challenges, or institutional protection measures.


4. Non-publication of personal data and data minimization


The Library is committed to refraining from publishing personal data that is not necessary for understanding the case, in particular:


  • Data relating to the individual who submitted the report (where applicable);
  • Documents, identification numbers, addresses, telephone numbers, e-mail addresses, banking information, or equivalent identifiers.


Where the referenced material contains excessive personal data, the team will undertake reasonable and proportionate measures to redact, suppress or otherwise minimize such data in publicly available content, in accordance with the principles of necessity, data minimization, and purpose limitation, and where technically feasible and consistent with the objectives of the Library.


The Library may also synthesize cases and descriptions in order to reduce the exposure of affected individuals, while preserving factual accuracy and verifiability through publicly accessible sources.


5. Cookies and similar technologies



The Library does not, as part of this project, use cookies for advertising, behavioral profiling, or tracking for marketing purposes.


Strictly necessary cookies may be used in connection with hosting services, website security, form functionality, and content delivery. Should the Library adopt non-essential cookies in the future, appropriate transparency measures and preference management mechanisms will be implemented, and this Policy will be duly updated.


6. Data sharing


The Library does not sell or share with third parties, for advertising or marketing purposes, the data submitted through the form. Access to the information received is restricted to authorized team members involved in case actuation and validation.


As with any online service, the website relies on technical infrastructure, which may involve the technical processing of data by service providers acting as data processors. This does not constitute voluntary disclosure of content by the Library, but rather processing necessary to make the service available.


Outside these circumstances, information will only be disclosed pursuant to a legal obligation, a valid request by a competent authority, or a court order, where applicable.


7. Data retention


The Library retains information for as long as necessary to fulfill the purposes described in this Policy, in particular:


  • Screening, validation, and registration of the case;
  • Maintenance of the archive and verification history;
  • Preservation of evidence and editorial traceability.


Where appropriate, the Library may delete or anonymize data after the contact purpose has been fulfilled, subject to technical limitations and applicable legal obligations.


8. Data subject rights and how to exercise them


Pursuant to the LGPD (art. 18), you may request, where applicable: confirmation of processing, access, correction, anonymization or deletion, information regarding data sharing, and withdrawal of consent (where consent is the legal basis), among other rights.


To exercise your rights, please send your request to atendimento@dataprivacy.com.br, providing sufficient information to enable us to respond securely. We may request additional information to verify your identity and protect third parties against fraudulent or unauthorized requests.


9. Amendments to this policy


The Library may update the website, form, and validation workflows from time to time. Whenever there are material changes to the manner in which personal data is processed, this Policy may be amended. The date of the latest update will be indicated at the top of the document.


Where a change is significant and requires a new legal basis, the Library will adopt reasonable transparency measures and, where applicable, seek renewed consent.


10. Governing Law and Jurisdiction


This document shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil. The courts of the District of São Paulo are elected as the competent forum to resolve any disputes arising from this document.


Data Privacy Brasil is an organization born from the union of a school and a civil association, working to promote a culture of data protection and digital rights in Brazil and around the world. To that end, with the support of a multidisciplinary team, we carry out training courses, events, certifications, consulting, multimedia content, public-interest research, and civic audits to promote rights in a datafied society marked by asymmetries and injustices. Through education, awareness-raising, and the mobilization of society, we aim for a democratic society in which technologies serve people's autonomy and dignity.


www.dataprivacy.com.br | www.dataprivacybr.org