The Grok case in Brazil: Are synthetic images now biometric data?

Aligning with the global movement of data protection authorities, Brazil's data protection agency, the Agência Nacional de Proteção de Dados, in conjunction with the Federal Prosecution Service, the Ministério Público Federal, and the National Consumer Secretariat, Senacon, issued a joint recommendation to social media company X. 

The objective is to halt the generation and circulation of nonconsensual sexually explicit synthetic content — known as deepfakes — produced by X's chatbot, Grok.

The 20 Jan. measure follows reports and complaints that the tool was being used to create erotic and sexualized images of real women and minors, without consent, based on the manipulation of legitimate photographs. Grok has indicated it would ban creating undressed photos of real people. 

At this initial stage, the ANPD requested implementation of several measures for the platform's compliance:

• Immediate cessation of the generation of any sexualized or eroticized content of minors, as well as of adults without authorization.
• Creation, within 30 days, of effective technical procedures to identify, review and remove content of this type already available on the platform.
• Implementation of accessible mechanisms for data subjects to exercise their rights and report abuse.
• Drafting of a data protection impact assessment specific to Grok's synthetic content generation activities.
• Immediate and permanent suspension of accounts involved in the production or exclusive sharing of such media.

Additionally, the ANPD opened an administrative proceeding to delve deeper into the case and evaluate any potential violations of Brazil's General Data Protection Law in more detail.

Potential broader impacts

Beyond the immediate measures, what truly draws attention — and may have impacts beyond the Grok case — is Technical Note No. 1/2026 from the ANPD's General Coordination of Inspection, which grounded these measures and brings forth some interpretations regarding the practical application of the LGPD.